On 64 bit systems we write past the end of the arg[] array.
Fixes: 8e84c2582169 ('wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware')
Signed-off-by: Dan Carpenter <[email protected]>
diff --git a/drivers/net/wireless/ath/wcn36xx/debug.c b/drivers/net/wireless/ath/wcn36xx/debug.c
index 5b84f7a..ef44a2da 100644
--- a/drivers/net/wireless/ath/wcn36xx/debug.c
+++ b/drivers/net/wireless/ath/wcn36xx/debug.c
@@ -126,7 +126,7 @@ static ssize_t write_file_dump(struct file *file,
if (begin == NULL)
break;
- if (kstrtoul(begin, 0, (unsigned long *)(arg + i)) != 0)
+ if (kstrtou32(begin, 0, &arg[i]) != 0)
break;
}
Looks good to me, thanx!
On Wed, Nov 6, 2013 at 7:41 AM, Dan Carpenter <[email protected]> wrote:
> On 64 bit systems we write past the end of the arg[] array.
>
> Fixes: 8e84c2582169 ('wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware')
> Signed-off-by: Dan Carpenter <[email protected]>
>
> diff --git a/drivers/net/wireless/ath/wcn36xx/debug.c b/drivers/net/wireless/ath/wcn36xx/debug.c
> index 5b84f7a..ef44a2da 100644
> --- a/drivers/net/wireless/ath/wcn36xx/debug.c
> +++ b/drivers/net/wireless/ath/wcn36xx/debug.c
> @@ -126,7 +126,7 @@ static ssize_t write_file_dump(struct file *file,
> if (begin == NULL)
> break;
>
> - if (kstrtoul(begin, 0, (unsigned long *)(arg + i)) != 0)
> + if (kstrtou32(begin, 0, &arg[i]) != 0)
> break;
> }
>
--
Best regards,
Eugene