14 is added as an offset to the array dummy_packet (64 unsigned chars) to
serve as a destination address in a call to memset(). However, when added,
it is automatically scaled by the size of dummy_packet, which is 64. This
results in writing to unintended memory.
Signed-off-by: Roel Kluin <[EMAIL PROTECTED]>
---
diff --git a/drivers/net/eth16i.c b/drivers/net/eth16i.c
index e3dd8b1..1ae0b3e 100644
--- a/drivers/net/eth16i.c
+++ b/drivers/net/eth16i.c
@@ -680,7 +680,7 @@ static int eth16i_probe_port(int ioaddr)
dummy_packet[12] = 0x00;
dummy_packet[13] = 0x04;
- memset(dummy_packet + 14, 0, sizeof(dummy_packet) - 14);
+ memset((char *)dummy_packet + 14, 0, sizeof(dummy_packet) - 14);
eth16i_select_regbank(2, ioaddr);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
