Bug: misaligned memory access in cmdlinepart.c

Bug: misaligned memory access in cmdlinepart.c

[Timofei V. Bondarenko]

[-- Attachment #1: Type: text/plain, Size: 324 bytes --]

Hi,

in mtdpart_setup_real()/newpart() command line parser
'this_mtd' structure can be misaligned,
it may cause exception on some kind of CPU.

That happened because the structure got mixed with partition names 
allocated in a variable length area.

I've attached a simle patch, not very elegant though.

Regards.
	Timofei.

[-- Attachment #2: alignnewpart.diff --]
[-- Type: text/plain, Size: 1205 bytes --]

--- cmdlinepart.c	2005-04-18 18:06:43.000000000 +0400
+++ bfin/uClinux-dist/linux-2.6.x/drivers/mtd/cmdlinepart.c	2005-04-18 18:40:02.971778640 +0400
@@ -234,12 +234,14 @@ static int mtdpart_setup_real(char *s)
 		 * parse one mtd. have it reserve memory for the
 		 * struct cmdline_mtd_partition and the mtd-id string.
 		 */
+#define THIS_MTD_ALIGN_CONST (sizeof(void*)-1)
 		parts = newpart(p + 1,		/* cmdline */
 				&s,		/* out: updated cmdline ptr */
 				&num_parts,	/* out: number of parts */
 				0,		/* first partition */
 				(unsigned char**)&this_mtd, /* out: extra mem */
-				mtd_id_len + 1 + sizeof(*this_mtd));
+				mtd_id_len + 1 + sizeof(*this_mtd) + 
+                                THIS_MTD_ALIGN_CONST);
 		if(!parts)
 		{
 			/*
@@ -252,7 +254,11 @@ static int mtdpart_setup_real(char *s)
 			 return 0;
 		 }
 
-		/* enter results */	    
+		/* align this_mtd */
+                this_mtd = (struct cmdline_mtd_partition *) 
+                  (~THIS_MTD_ALIGN_CONST & 
+                    THIS_MTD_ALIGN_CONST + (unsigned long)(char*)this_mtd);
+		/* enter results */
 		this_mtd->parts = parts;
 		this_mtd->num_parts = num_parts;
 		this_mtd->mtd_id = (char*)(this_mtd + 1);