authorLatchesar Ionkov <lucho@ionkov.net>2005-09-23 06:43:50 +0200
committerLinus Torvalds <torvalds@g5.osdl.org>2005-09-23 07:17:33 +0200
commit5b067676234715051cbde87083c36c8ea83f77b8 (patch)
treee6552ebec3b3cc18fad03d7e60feef80a0abe19e /fs/9p/conv.c
parent[PATCH] v9fs: make conv functions to check for conv buffer overflow (diff)
[PATCH] v9fs: allocate the Rwalk qid array from the right conv buffer
When v9fs_deserialize_fcall deserializes a Rwalk message, it incorrectly allocates space for the qid array in the source instead of the destination buffer. Signed-off-by: Latchesar Ionkov <lucho@ionkov.net> Cc: Eric Van Hensbergen <ericvh@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to '')
-rw-r--r--fs/9p/conv.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/9p/conv.c b/fs/9p/conv.c
index ac2241db2493..18121af99d3e 100644
--- a/fs/9p/conv.c
+++ b/fs/9p/conv.c
@@ -651,7 +651,7 @@ v9fs_deserialize_fcall(struct v9fs_session_info *v9ses, u32 msgsize,
break;
case RWALK:
rcall->params.rwalk.nwqid = buf_get_int16(bufp);
- rcall->params.rwalk.wqids = buf_alloc(bufp,
+ rcall->params.rwalk.wqids = buf_alloc(dbufp,
rcall->params.rwalk.nwqid * sizeof(struct v9fs_qid));
if (rcall->params.rwalk.wqids)
for (i = 0; i < rcall->params.rwalk.nwqid; i++) {
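Review bot: In the `case RWALK:` branch, `nwqid` is read straight from the received message with `buf_get_int16(bufp)` and used to size the `buf_alloc(dbufp, ...)` request without an upper bound, and if that allocation fails `wqids` is NULL while `nwqid` keeps the peer-supplied value. 9P2000 limits a walk to 16 elements, so a larger count could be rejected before allocating. Adding `else rcall->params.rwalk.nwqid = 0;` to the `if (rcall->params.rwalk.wqids)` test would keep the count and the pointer consistent for any caller that iterates by `nwqid`. Whether a later overflow check in this function already turns the failed allocation into an error cannot be seen here, because the switch and the `for` loop continue outside the hunk.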