scsi: atp870u: 64 bit bug in atp885_init()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

On 64 bit CPUs there is a memory corruption bug on probe(). It should
be a u32 pointer instead of an unsigned long pointer or we write past
the end of the setupdata[] array.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Dan Carpenter and committed by

Martin K. Petersen 8 years ago 29e79e0f e75fba9c

+2 -2

1 changed file

expand all

drivers

scsi

atp870u.c

+2 -2

drivers/scsi/atp870u.c

··· 1413 1413 atpdev->global_map[m] = 0; 1414 1414 for (k = 0; k < 4; k++) { 1415 1415 atp_writew_base(atpdev, 0x3c, n++); 1416 - ((unsigned long *)&setupdata[m][0])[k] = atp_readl_base(atpdev, 0x38); 1416 + ((u32 *)&setupdata[m][0])[k] = atp_readl_base(atpdev, 0x38); 1417 1417 } 1418 1418 for (k = 0; k < 4; k++) { 1419 1419 atp_writew_base(atpdev, 0x3c, n++); 1420 - ((unsigned long *)&atpdev->sp[m][0])[k] = atp_readl_base(atpdev, 0x38); 1420 + ((u32 *)&atpdev->sp[m][0])[k] = atp_readl_base(atpdev, 0x38); 1421 1421 } 1422 1422 n += 8; 1423 1423 }