[PATCH] 2.6.16-rc3-mm1 - restore zeroing of packet_command structin sr_ioctl.c

[Lee Schermerhorn]

The 'git-scsi-misc' patch removed 2 calls to memset() to zero out
a struct packet_command before passing it to sr_do_ioctl().  This
causes sr_do_ioctl() to use the uninitialized 'sense' member as a
pointer, instead of allocating a new request_sense struct.  On my
system, this results in an Oops that kills off hald and others.

This patch restores the 2 memset calls.

Signed-off-by:  Lee Schermerhorn <lee.schermerhorn@xxxxxx>

Index: linux-2.6.16-rc3-mm1/drivers/scsi/sr_ioctl.c
===================================================================
--- linux-2.6.16-rc3-mm1.orig/drivers/scsi/sr_ioctl.c	2006-02-15 13:06:08.000000000 -0500
+++ linux-2.6.16-rc3-mm1/drivers/scsi/sr_ioctl.c	2006-02-15 13:08:56.000000000 -0500
@@ -48,6 +48,7 @@ static int sr_read_tochdr(struct cdrom_d
 	if (!buffer)
 		return -ENOMEM;
 
+	memset(&cgc, 0, sizeof(struct packet_command));
 	cgc.timeout = IOCTL_TIMEOUT;
 	cgc.cmd[0] = GPCMD_READ_TOC_PMA_ATIP;
 	cgc.cmd[8] = 12;		/* LSB of length */
@@ -77,6 +78,7 @@ static int sr_read_tocentry(struct cdrom
 	if (!buffer)
 		return -ENOMEM;
 
+	memset(&cgc, 0, sizeof(struct packet_command));
 	cgc.timeout = IOCTL_TIMEOUT;
 	cgc.cmd[0] = GPCMD_READ_TOC_PMA_ATIP;
 	cgc.cmd[1] |= (tocentry->cdte_format == CDROM_MSF) ? 0x02 : 0;


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/