Re: [PATCH] Erroneous use of memset and memcpy

From: Andreas Schwab <schwab_at_suse.de>
Date: 2005-02-20 08:55:36
Alexander Nyberg <alexn@dsv.su.se> writes:

> I stumbled across this, looks weird. Presumable fix is:
>
> ===== arch/ia64/ia32/ia32_signal.c 1.35 vs edited =====
> --- 1.35/arch/ia64/ia32/ia32_signal.c	2005-01-25 21:23:45 +01:00
> +++ edited/arch/ia64/ia32/ia32_signal.c	2005-02-12 13:12:25 +01:00
> @@ -460,10 +460,9 @@ __ia32_rt_sigsuspend (compat_sigset_t *s
>  	sigset_t oldset, set;
>  
>  	scr->scratch_unat = 0;	/* avoid leaking kernel bits to user level */
> -	memset(&set, 0, sizeof(&set));
> +	memset(&set, 0, sizeof(sigset_t));
>  
> -	if (memcpy(&set.sig, &sset->sig, sigsetsize))
> -		return -EFAULT;
> +	memcpy(&set.sig, &sset->sig, sigsetsize);
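
Review bot: the added `memcpy(&set.sig, &sset->sig, sigsetsize);` line removes the -EFAULT path instead of repairing it. The old test was always true because memcpy returns its destination pointer, so the function could only ever fail here, but the `return -EFAULT` shows the copy was meant to be one that can fail on a bad source address. If `sset` is a user-space pointer, this should be `if (copy_from_user(&set.sig, &sset->sig, sigsetsize)) return -EFAULT;` so that the pointer is validated and a fault is reported rather than taken in the kernel. Nothing in the visible lines bounds `sigsetsize` against `sizeof(set.sig)`; please confirm it is checked before this point. On the memset line, `sizeof(&set)` was the size of a pointer, so only part of `set` was cleared; `sizeof(sigset_t)` fixes that, though `sizeof(set)` would stay correct if the variable's type ever changes.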

That should be copy_from_user, and the error checking needs to stay.

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."
Received on Sat Feb 19 16:57:07 2005
