2004-06-09 23:05:07

by Robert T. Johnson

Subject: PATCH: 2.6.7-rc3 drivers/char/ipmi/ipmi_devintf.c: user/kernel pointer typo

Judging from context, I think there's a misplaced "&" in this code that
can cause stack overflows and other nasty problems. Perhaps it's left
over from when msgdata was an array instead of a pointer? Let me know
if you have any questions or I made a mistake.

Best,
Rob


--- linux-2.6.7-rc3-full/drivers/char/ipmi/ipmi_devintf.c.orig Wed Jun 9 12:08:23 2004
+++ linux-2.6.7-rc3-full/drivers/char/ipmi/ipmi_devintf.c Wed Jun 9 12:07:09 2004
@@ -199,7 +199,7 @@ static int handle_send_req(ipmi_user_t
goto out;
}

- if (copy_from_user(&msgdata,
+ if (copy_from_user(msgdata,
req->msg.data,
req->msg.data_len))
{
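Review bot: The fix is right as far as the hunk shows: `&msgdata` is the address of the pointer variable itself, so the removed line copied `req->msg.data_len` user-supplied bytes over that pointer and whatever follows it on the stack, while the `+` line copies into the buffer that `msgdata` points at. One thing the hunk does not show is whether `req->msg.data_len` is bounded against the size of the buffer behind `msgdata` before this `copy_from_user`; that check would sit in the lines above the hunk and is worth confirming in the same review, since without it the corrected copy can still run past the end of the buffer. The return value of `copy_from_user` is already tested, so a fault on the user pointer is handled.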




2004-06-10 01:39:38

by Al Viro

Subject: Re: PATCH: 2.6.7-rc3 drivers/char/ipmi/ipmi_devintf.c: user/kernel pointer typo

On Wed, Jun 09, 2004 at 04:04:59PM -0700, Robert T. Johnson wrote:
> Judging from context, I think there's a misplaced "&" in this code that
> can cause stack overflows and other nasty problems. Perhaps it's left
> over from when msgdata was an array instead of a pointer? Let me know
> if you have any questions or I made a mistake.

ACK.

2004-06-15 03:44:39

by Corey Minyard

Subject: Re: PATCH: 2.6.7-rc3 drivers/char/ipmi/ipmi_devintf.c: user/kernel pointer typo

You are obviously right, and it looks like the fix is in the newest
release candidate. Thanks for finding this.

-Corey

Robert T. Johnson wrote:

>Judging from context, I think there's a misplaced "&" in this code that
>can cause stack overflows and other nasty problems. Perhaps it's left
>over from when msgdata was an array instead of a pointer? Let me know
>if you have any questions or I made a mistake.
>
>Best,
>Rob
>
>
>--- linux-2.6.7-rc3-full/drivers/char/ipmi/ipmi_devintf.c.orig Wed Jun 9 12:08:23 2004
>+++ linux-2.6.7-rc3-full/drivers/char/ipmi/ipmi_devintf.c Wed Jun 9 12:07:09 2004
>@@ -199,7 +199,7 @@ static int handle_send_req(ipmi_user_t
> goto out;
> }
>
>- if (copy_from_user(&msgdata,
>+ if (copy_from_user(msgdata,
> req->msg.data,
> req->msg.data_len))
> {