Index: linux/ipc/shm.c
===================================================================
RCS file: /repository/octsw/linux/kernel_2.6/linux/ipc/shm.c,v
retrieving revision 1.1.1.6
retrieving revision 1.2
diff -u -r1.1.1.6 -r1.2
--- linux/ipc/shm.c	7 Jun 2006 19:19:51 -0000	1.1.1.6
+++ linux/ipc/shm.c	22 Jul 2006 02:26:11 -0000	1.2
@@ -321,7 +321,11 @@
 		out.shm_lpid	= in->shm_lpid;
 		out.shm_nattch	= in->shm_nattch;
 
-		return copy_to_user(buf, &out, sizeof(out));
+		/* Use offsetof() instead of sizeof() since N32 userspace has a 
+		    different size including the unused fields. This just copies 
+		    what is used. The old method would corrupt data after the 
+		    structure */
+		return copy_to_user(buf, &out, offsetof(struct shmid_ds, shm_unused2));
 	    }
 	default:
 		return -EINVAL;