From: Håvard Skinnemoen Date: Fri, 15 Sep 2006 15:19:31 +0000 (+0200) Subject: MTD: Fix bug in fixup_convert_atmel_pri X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=de591dacf3034977b3fb94b61d08240c8b35c39d;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git MTD: Fix bug in fixup_convert_atmel_pri The memset() in fixup_convert_atmel_pri is supposed to zero out everything except the first 5 bytes in *extp, but it ends up zeroing out something way outside the struct instead. Fix this potentially dangerous code by casting the pointer to char * before doing arithmetic. Signed-off-by: Håvard Skinnemoen Signed-off-by: David Woodhouse --- diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index ddc5bd783354..a482e8922de1 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -175,7 +175,7 @@ static void fixup_convert_atmel_pri(struct mtd_info *mtd, void *param) struct cfi_pri_atmel atmel_pri; memcpy(&atmel_pri, extp, sizeof(atmel_pri)); - memset(extp + 5, 0, sizeof(*extp) - 5); + memset((char *)extp + 5, 0, sizeof(*extp) - 5); if (atmel_pri.Features & 0x02) extp->EraseSuspend = 2;