watchdog: pcwd_usb: overflow in usb_pcwd_send_command()

We changed "buf" from being an array of 6 chars to being a pointer this sizeof(buf) needs to be updated as well. Fixes: 2ddb8089a7e5 ('watchdog: pcwd_usb: Use allocated buffer for usb_control_msg') Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: N Guenter Roeck <linux@roeck-us.net> Signed-off-by: N Wim Van Sebroeck <wim@iguana.be>

watchdog: pcwd_usb: overflow in usb_pcwd_send_command()
We changed "buf" from being an array of 6 chars to being a pointer this sizeof(buf) needs to be updated as well. Fixes: 2ddb8089a7e5 ('watchdog: pcwd_usb: Use allocated buffer for usb_control_msg') Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: N Guenter Roeck <linux@roeck-us.net> Signed-off-by: N Wim Van Sebroeck <wim@iguana.be>
ab5bbdc7 · Dan Carpenter · Wim Van Sebroeck · 0859ffc3 · ab5bbdc7
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

drivers/watchdog/pcwd_usb.c drivers/watchdog/pcwd_usb.c +2 -2

未找到文件。
--- a/drivers/watchdog/pcwd_usb.c
+++ b/drivers/watchdog/pcwd_usb.c
@@ -258,8 +258,8 @@ static int usb_pcwd_send_command(struct usb_pcwd_private *usb_pcwd,

 	if (usb_control_msg(usb_pcwd->udev, usb_sndctrlpipe(usb_pcwd->udev, 0),
 			HID_REQ_SET_REPORT, HID_DT_REPORT,
-			0x0200, usb_pcwd->interface_number, buf, sizeof(buf),
-			USB_COMMAND_TIMEOUT) != sizeof(buf)) {
+			0x0200, usb_pcwd->interface_number, buf, 6,
+			USB_COMMAND_TIMEOUT) != 6) {
 		dbg("usb_pcwd_send_command: error in usb_control_msg for "
 				"cmd 0x%x 0x%x 0x%x\n", cmd, *msb, *lsb);
 	}