sata_sil24: memset() overflow

cb->atapi.cdb is an array of 16 u8 elements.  The call too memset()
would set the first part of the sge array to zero as well.  It's not
a packed struct.

This one has been around for five years.  I found it with Smatch.  I
think the reason no one has seen it before is because we normally call
sil24_fill_sg() and that overwrites sge with proper information?

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
This commit is contained in:
Dan Carpenter 2010-06-09 14:01:54 +02:00 committed by Jeff Garzik
parent 7908a9e5fc
commit 14e45c15e1
1 changed files with 1 additions and 1 deletions

View File

@ -865,7 +865,7 @@ static void sil24_qc_prep(struct ata_queued_cmd *qc)
} else {
prb = &cb->atapi.prb;
sge = cb->atapi.sge;
memset(cb->atapi.cdb, 0, 32);
memset(cb->atapi.cdb, 0, sizeof(cb->atapi.cdb));
memcpy(cb->atapi.cdb, qc->cdb, qc->dev->cdb_len);
if (ata_is_data(qc->tf.protocol)) {