Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 14e45c15e1dcc4d972b41343661683efd60fed72
commit14e45c15e1dcc4d972b41343661683efd60fed72[log] [tgz]
authorDan Carpenter <error27@gmail.com>Wed Jun 09 14:01:54 2010 +0200
committerJeff Garzik <jgarzik@redhat.com>Thu Jun 10 16:06:33 2010 -0400
tree96635555f499e15ae8b0eb2a0e0d45233544f80b
parent7908a9e5fc3f9a679b1777ed231a03636c068446 [diff]
sata_sil24: memset() overflow

cb->atapi.cdb is an array of 16 u8 elements.  The call too memset()
would set the first part of the sge array to zero as well.  It's not
a packed struct.

This one has been around for five years.  I found it with Smatch.  I
think the reason no one has seen it before is because we normally call
sil24_fill_sg() and that overwrites sge with proper information?

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
1 file changed
tree: 96635555f499e15ae8b0eb2a0e0d45233544f80b
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS