From 98934def70b48dac74fac3738b78ab2d1a28edda Mon Sep 17 00:00:00 2001 From: William Lee Irwin III Date: Wed, 12 Dec 2007 03:56:55 -0800 Subject: ACPI: video_device_list corruption The ->cap fields of struct acpi_video_device and struct acpi_video_bus are 1B each, not 4B. The oversized memset()'s corrupted the subsequent list_head fields. This resulted in silent corruption without CONFIG_DEBUG_LIST and BUG's with it. This patch uses sizeof() to pass the proper bounds to the memset() calls and thereby correct the bugs. Signed-off-by: William Irwin Acked-by: Mikael Pettersson Signed-off-by: Len Brown --- drivers/acpi/video.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c index 44a0d9ba9bd6..bd77e81e81c1 100644 --- a/drivers/acpi/video.c +++ b/drivers/acpi/video.c @@ -577,7 +577,7 @@ static void acpi_video_device_find_cap(struct acpi_video_device *device) struct acpi_video_device_brightness *br = NULL; - memset(&device->cap, 0, 4); + memset(&device->cap, 0, sizeof(device->cap)); if (ACPI_SUCCESS(acpi_get_handle(device->dev->handle, "_ADR", &h_dummy1))) { device->cap._ADR = 1; @@ -697,7 +697,7 @@ static void acpi_video_bus_find_cap(struct acpi_video_bus *video) { acpi_handle h_dummy1; - memset(&video->cap, 0, 4); + memset(&video->cap, 0, sizeof(video->cap)); if (ACPI_SUCCESS(acpi_get_handle(video->device->handle, "_DOS", &h_dummy1))) { video->cap._DOS = 1; } -- cgit v1.2.3