30 Nov
2010
30 Nov
'10
1:54 p.m.
On Mon, Nov 29, 2010 at 11:43:33AM +0000, Dimitris Papastamos wrote:
The bitmap_zero() nbits argument was improperly set to reg_size but the underlying buffer was bmp_size long. This caused the memset to zero past the end of the allocated buffer and into the kernel heap causing strange kernel crashes sometimes by overwriting critical kernel structures.
Applied, thanks.