MTD: Fix bug in fixup_convert_atmel_pri

The memset() in fixup_convert_atmel_pri is supposed to zero out
everything except the first 5 bytes in *extp, but it ends up zeroing
out something way outside the struct instead. Fix this potentially
dangerous code by casting the pointer to char * before doing
arithmetic.

Signed-off-by: Håvard Skinnemoen <hskinnemoen@atmel.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c
index ddc5bd78335465539d8c73f0f27f7867cac25f84..a482e8922de102c15b514f3d672ad074a585c290 100644 (file)
--- a/drivers/mtd/chips/cfi_cmdset_0002.c
+++ b/drivers/mtd/chips/cfi_cmdset_0002.c
@@ -175,7 +175,7 @@ static void fixup_convert_atmel_pri(struct mtd_info *mtd, void *param)
        struct cfi_pri_atmel atmel_pri;
 
        memcpy(&atmel_pri, extp, sizeof(atmel_pri));
-       memset(extp + 5, 0, sizeof(*extp) - 5);
+       memset((char *)extp + 5, 0, sizeof(*extp) - 5);
 
        if (atmel_pri.Features & 0x02)
                extp->EraseSuspend = 2;