Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit de591dac authored by Håvard Skinnemoen's avatar Håvard Skinnemoen Committed by David Woodhouse
Browse files

MTD: Fix bug in fixup_convert_atmel_pri 



The memset() in fixup_convert_atmel_pri is supposed to zero out
everything except the first 5 bytes in *extp, but it ends up zeroing
out something way outside the struct instead. Fix this potentially
dangerous code by casting the pointer to char * before doing
arithmetic.

Signed-off-by: default avatarHåvard Skinnemoen <hskinnemoen@atmel.com>
Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent d882687c

drivers/mtd/chips/cfi_cmdset_0002.c

+1 −1
Original line number Diff line number Diff line
@@ -175,7 +175,7 @@ static void fixup_convert_atmel_pri(struct mtd_info *mtd, void *param) 
	struct cfi_pri_atmel atmel_pri;



	memcpy(&atmel_pri, extp, sizeof(atmel_pri));

	memset(extp + 5, 0, sizeof(*extp) - 5);

	memset((char *)extp + 5, 0, sizeof(*extp) - 5);



	if (atmel_pri.Features & 0x02)

		extp->EraseSuspend = 2;