Bryant, > The bug exists in the memcmp in which the length passed in must be > guaranteed to be 1. This bug currently exists because the second > pointer passed in, can be smaller than the cmd->data_length, which > causes a fortify_panic. > > The fix is to use memchr_inv instead to find whether or not a 0 exists > instead of using memcmp. This way you dont have to worry about buffer > overflow which is the reason for the fortify_panic.
Clarified the commit description a bit and applied the patch 4.17/scsi-fixes. Thanks! -- Martin K. Petersen Oracle Linux Engineering
