From: Alexey Dobriyan <adobri...@gmail.com> Date: Sat, 27 May 2017 18:15:14 +0300
>> --- a/net/ipv6/ndisc.c >> +++ b/net/ipv6/ndisc.c >> @@ -148,17 +148,18 @@ void __ndisc_fill_addr_option(struct sk_buff *skb, int >> type, void *data, > >> space -= data_len; >> - if (space > 0) >> - memset(opt, 0, space); >> + >> + memset(opt, 0, space); > > This can't be right. > > And what size are you reducing? It is right, space equals the same thing it would have equaled before his changes, and a memset() of zero length will do the right thing. Finally, if space can be negative here, we have real problems.
