media: b2c2: flexcop-usb: fix flexcop_usb_memory_req

media: b2c2: flexcop-usb: fix flexcop_usb_memory_req

Commit Message

Hans Verkuil June 20, 2024, 7:52 a.m. UTC
  smatch generated this warning:

drivers/media/usb/b2c2/flexcop-usb.c:199 flexcop_usb_memory_req() warn: iterator 'i' not incremented

and indeed the function is not using i or updating buf.

The reason this always worked is that this function is called to write just 6 bytes
(a MAC address) to the USB device, and so in practice there is only a single chunk
written. If we ever would need to write more than one chunk, this function would
fail since each chunk would read from or write to the same buf address.

Rewrite the function to properly handle this.

Signed-off-by: Hans Verkuil <>


diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c
index 90f1aea99dac..eff3756cb8ec 100644
--- a/drivers/media/usb/b2c2/flexcop-usb.c
+++ b/drivers/media/usb/b2c2/flexcop-usb.c
@@ -196,7 +196,7 @@  static int flexcop_usb_memory_req(struct flexcop_usb *fc_usb,
 		return -EINVAL;
-	for (i = 0; i < len;) {
+	while (len) {
 		pagechunk = min(wMax, bytes_left_to_read_on_page(addr, len));
 			(addr & V8_MEMORY_PAGE_MASK) |
@@ -206,11 +206,12 @@  static int flexcop_usb_memory_req(struct flexcop_usb *fc_usb,
 			page_start + (addr / V8_MEMORY_PAGE_SIZE),
 			(addr & V8_MEMORY_PAGE_MASK) |
-			&buf[i], pagechunk);
+			buf, pagechunk);

 		if (ret < 0)
 			return ret;
 		addr += pagechunk;
+		buf += pagechunk;
 		len -= pagechunk;
 	return 0;