[PATCH 4/4] wcn36xx: harmless memory corruption bug in debugfs
Eugene Krasnikov
k.eugene.e at gmail.com
Tue Feb 11 14:37:38 EST 2014
From: Dan Carpenter <dan.carpenter at oracle.com>
On 64 bit systems we write past the end of the arg[] array.
Fixes: 8e84c2582169 ('wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware')
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Signed-off-by: John W. Linville <linville at tuxdriver.com>
---
debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debug.c b/debug.c
index 2e47681..c51aa42 100644
--- a/debug.c
+++ b/debug.c
@@ -127,7 +127,7 @@ static ssize_t write_file_dump(struct file *file,
if (begin == NULL)
break;
- if (kstrtoul(begin, 0, (unsigned long *)(arg + i)) != 0)
+ if (kstrtou32(begin, 0, &arg[i]) != 0)
break;
}
--
1.8.3.2
More information about the wcn36xx
mailing list