From de591dacf3034977b3fb94b61d08240c8b35c39d Mon Sep 17 00:00:00 2001 From: Håvard Skinnemoen Date: Fri, 15 Sep 2006 17:19:31 +0200 Subject: MTD: Fix bug in fixup_convert_atmel_pri MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The memset() in fixup_convert_atmel_pri is supposed to zero out everything except the first 5 bytes in *extp, but it ends up zeroing out something way outside the struct instead. Fix this potentially dangerous code by casting the pointer to char * before doing arithmetic. Signed-off-by: Håvard Skinnemoen Signed-off-by: David Woodhouse --- drivers/mtd/chips/cfi_cmdset_0002.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers') diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index ddc5bd783354..a482e8922de1 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -175,7 +175,7 @@ static void fixup_convert_atmel_pri(struct mtd_info *mtd, void *param) struct cfi_pri_atmel atmel_pri; memcpy(&atmel_pri, extp, sizeof(atmel_pri)); - memset(extp + 5, 0, sizeof(*extp) - 5); + memset((char *)extp + 5, 0, sizeof(*extp) - 5); if (atmel_pri.Features & 0x02) extp->EraseSuspend = 2; -- cgit v1.2.3