On Mon, Jun 11, 2012 at 05:04:36PM -0700, [email protected] wrote:
[...]
> From: Bart Westgeest <[email protected]>
> Date: Mon, 11 Jun 2012 12:13:08 -0400
> Subject: staging: usbip: bugfix for stack corruption on 64-bit architectures
>
> Previously a 6 byte array (buf) was erroneously cast to a 8 byte long
> (event_bits) on 64-bit architectures which caused a stack corruption.
>
> Signed-off-by: Bart Westgeest <[email protected]>
> Cc: stable <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> ---
> drivers/staging/usbip/vhci_hcd.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/usbip/vhci_hcd.c
> b/drivers/staging/usbip/vhci_hcd.c
> index f708cba..117a7ad 100644
> --- a/drivers/staging/usbip/vhci_hcd.c
> +++ b/drivers/staging/usbip/vhci_hcd.c
> @@ -205,7 +205,7 @@ static int vhci_hub_status(struct usb_hcd *hcd, char *buf)
> int retval = 0;
>
> /* the enough buffer is allocated according to USB_MAXCHILDREN */
> - unsigned long *event_bits = (unsigned long *) buf;
> + u32 *event_bits = (unsigned long *) buf;
[...]
This is ridiculous; the variable type is fixed but not the type
in the cast *right next to it*?
Ben.
--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
