Revision 9dfef3adaebb42163d691be73e05b12da440cbe5 authored by Yuval Mintz on 05 January 2014, 16:33:53 UTC, committed by David S. Miller on 06 January 2014, 01:22:25 UTC
There are 2 different (related) flows in the slowpath configuration that utilize the same pointer and cast it to different structs; This is obviously incorrect as the intended allocated memory is that of the smaller struct, possibly causing the flow utilizing the larger struct to corrupt other slowpath configuration. Since both flows are exclusive, set the allocated memory to be a union of both structs. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 5b62291
| File | Mode | Size |
|---|---|---|
| bnep | ||
| cmtp | ||
| hidp | ||
| rfcomm | ||
| Kconfig | -rw-r--r-- | 1.6 KB |
| Makefile | -rw-r--r-- | 409 bytes |
| a2mp.c | -rw-r--r-- | 21.3 KB |
| a2mp.h | -rw-r--r-- | 3.6 KB |
| af_bluetooth.c | -rw-r--r-- | 16.5 KB |
| amp.c | -rw-r--r-- | 11.2 KB |
| amp.h | -rw-r--r-- | 2.0 KB |
| hci_conn.c | -rw-r--r-- | 26.3 KB |
| hci_core.c | -rw-r--r-- | 95.2 KB |
| hci_event.c | -rw-r--r-- | 89.1 KB |
| hci_sock.c | -rw-r--r-- | 24.9 KB |
| hci_sysfs.c | -rw-r--r-- | 4.6 KB |
| l2cap_core.c | -rw-r--r-- | 159.2 KB |
| l2cap_sock.c | -rw-r--r-- | 30.9 KB |
| lib.c | -rw-r--r-- | 2.9 KB |
| mgmt.c | -rw-r--r-- | 119.4 KB |
| sco.c | -rw-r--r-- | 23.7 KB |
| smp.c | -rw-r--r-- | 24.0 KB |
| smp.h | -rw-r--r-- | 3.8 KB |
Computing file changes ...
