MTD: Fix bug in fixup_convert_atmel_pri
The memset() in fixup_convert_atmel_pri is supposed to zero out
everything except the first 5 bytes in *extp, but it ends up zeroing
out something way outside the struct instead. Fix this potentially
dangerous code by casting the pointer to char * before doing
arithmetic.

Signed-off-by: Håvard Skinnemoen <hskinnemoen@atmel.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Håvard Skinnemoen authored and David Woodhouse committed Sep 16, 2006
1 parent d882687 commit de591da
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/mtd/chips/cfi_cmdset_0002.c
Expand Up @@ -175,7 +175,7 @@ static void fixup_convert_atmel_pri(struct mtd_info *mtd, void *param)
struct cfi_pri_atmel atmel_pri;

memcpy(&atmel_pri, extp, sizeof(atmel_pri));
memset(extp + 5, 0, sizeof(*extp) - 5);
memset((char *)extp + 5, 0, sizeof(*extp) - 5);

if (atmel_pri.Features & 0x02)
extp->EraseSuspend = 2;
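
Review bot: On the memset() line the literal 5 appears twice, as the byte offset and again in the length `sizeof(*extp) - 5`, with no name or comment saying which leading fields it is meant to preserve. The `(char *)` cast makes the pointer arithmetic byte-wise, which matches the commit message, but the two 5s can still drift apart or go stale if the layout of `*extp` changes. Consider deriving both values from offsetof() of the first member that should be cleared, or at least a named constant with a one-line comment, so the offset and the length stay tied to the struct definition.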