From: <bla...@ya...> - 2005-05-09 23:21:39
|
Replace one memcpy() call with overlapping source and dest arguments with one call to memmove(), to avoid data corruption. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <bla...@ya...> --- linux-2.6.12-paolo/arch/um/kernel/irq_user.c | 10 ++++++++-- 1 files changed, 8 insertions(+), 2 deletions(-) diff -puN arch/um/kernel/irq_user.c~uml-critical-change-memcpy-to-memmove arch/um/kernel/irq_user.c --- linux-2.6.12/arch/um/kernel/irq_user.c~uml-critical-change-memcpy-to-memmove 2005-05-02 17:54:20.000000000 +0200 +++ linux-2.6.12-paolo/arch/um/kernel/irq_user.c 2005-05-02 17:54:20.000000000 +0200 @@ -236,9 +236,15 @@ static void free_irq_by_cb(int (*test)(s (*prev)->fd, pollfds[i].fd); goto out; } - memcpy(&pollfds[i], &pollfds[i + 1], - (pollfds_num - i - 1) * sizeof(pollfds[0])); + pollfds_num--; + + /* This moves the *whole* array after pollfds[i] (though + * it doesn't spot as such)! */ + + memmove(&pollfds[i], &pollfds[i + 1], + (pollfds_num - i) * sizeof(pollfds[0])); + if(last_irq_ptr == &old_fd->next) last_irq_ptr = prev; *prev = (*prev)->next; _ |