[PATCH] fix writing to unintended memory in eth16i_probe_port();drivers/net/eth16i.c

[Roel Kluin]

14 is added as an offset to the array dummy_packet (64 unsigned chars) to
serve as a destination address in a call to memset(). However, when added, 
it is automatically scaled by the size of dummy_packet, which is 64. This
results in writing to unintended memory.

Signed-off-by: Roel Kluin <12o3l@xxxxxxxxxx>
---
diff --git a/drivers/net/eth16i.c b/drivers/net/eth16i.c
index e3dd8b1..1ae0b3e 100644
--- a/drivers/net/eth16i.c
+++ b/drivers/net/eth16i.c
@@ -680,7 +680,7 @@ static int eth16i_probe_port(int ioaddr)
 
 	dummy_packet[12] = 0x00;
 	dummy_packet[13] = 0x04;
-	memset(dummy_packet + 14, 0, sizeof(dummy_packet) - 14);
+	memset((char *)dummy_packet + 14, 0, sizeof(dummy_packet) - 14);
 
 	eth16i_select_regbank(2, ioaddr);
 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/