]>
Commit | Line | Data |
---|---|---|
1c771352 WB |
1 | From 5823b4a214ede884f4ba597fdd629862620e0f92 Mon Sep 17 00:00:00 2001 |
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | |
3 | Date: Mon, 21 Dec 2015 14:48:18 +0530 | |
4 | Subject: [PATCH] scsi: initialise info object with appropriate size | |
5 | ||
6 | While processing controller 'CTRL_GET_INFO' command, the routine | |
7 | 'megasas_ctrl_get_info' overflows the '&info' object size. Use its | |
8 | appropriate size to null initialise it. | |
9 | ||
10 | Reported-by: Qinghao Tang <luodalongde@gmail.com> | |
11 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | |
12 | --- | |
13 | hw/scsi/megasas.c | 2 +- | |
14 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
15 | ||
16 | diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c | |
17 | index d7dc667..576f56c 100644 | |
18 | --- a/hw/scsi/megasas.c | |
19 | +++ b/hw/scsi/megasas.c | |
20 | @@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd) | |
21 | BusChild *kid; | |
22 | int num_pd_disks = 0; | |
23 | ||
24 | - memset(&info, 0x0, cmd->iov_size); | |
25 | + memset(&info, 0x0, dcmd_size); | |
26 | if (cmd->iov_size < dcmd_size) { | |
27 | trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size, | |
28 | dcmd_size); | |
29 | -- | |
30 | 2.4.3 | |
31 | === |