[PATCH] MTD: Fix bug in fixup_convert_atmel_pri
Haavard Skinnemoen
hskinnemoen at atmel.com
Fri Sep 15 11:19:31 EDT 2006
The memset() in fixup_convert_atmel_pri is supposed to zero out
everything except the first 5 bytes in *extp, but it ends up zeroing
out something way outside the struct instead. Fix this potentially
dangerous code by casting the pointer to char * before doing
arithmetic.
Signed-off-by: Haavard Skinnemoen <hskinnemoen at atmel.com>
---
drivers/mtd/chips/cfi_cmdset_0002.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.18-rc6-mm2/drivers/mtd/chips/cfi_cmdset_0002.c
===================================================================
--- linux-2.6.18-rc6-mm2.orig/drivers/mtd/chips/cfi_cmdset_0002.c 2006-09-15 14:39:22.000000000 +0200
+++ linux-2.6.18-rc6-mm2/drivers/mtd/chips/cfi_cmdset_0002.c 2006-09-15 14:39:40.000000000 +0200
@@ -175,7 +175,7 @@ static void fixup_convert_atmel_pri(stru
struct cfi_pri_atmel atmel_pri;
memcpy(&atmel_pri, extp, sizeof(atmel_pri));
- memset(extp + 5, 0, sizeof(*extp) - 5);
+ memset((char *)extp + 5, 0, sizeof(*extp) - 5);
if (atmel_pri.Features & 0x02)
extp->EraseSuspend = 2;
More information about the linux-mtd
mailing list