From 4486bb4173378ab04658df48e7b2f6dea303bcbf Mon Sep 17 00:00:00 2001
From: jogo <jogo@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Wed, 10 Jun 2015 09:21:36 +0000
Subject: [PATCH] b53: fix memory out of bounds access on 64 bit targets

On device reset the sizes for the vlan and port tables were wrongly
calculated based on the pointer size instead of the struct size. This
causes buffer overruns on 64 bit targets, resulting in panics.

Fix this by dereferencing the pointers.

Reported-by: Fedor Konstantinov <blmink@mink.su>
Signed-off-by: Jonas Gorski <jogo@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45938 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 target/linux/generic/files/drivers/net/phy/b53/b53_common.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/linux/generic/files/drivers/net/phy/b53/b53_common.c b/target/linux/generic/files/drivers/net/phy/b53/b53_common.c
index 2b05d5d464..47b5a8b03f 100644
--- a/target/linux/generic/files/drivers/net/phy/b53/b53_common.c
+++ b/target/linux/generic/files/drivers/net/phy/b53/b53_common.c
@@ -803,8 +803,8 @@ static int b53_global_reset_switch(struct switch_dev *dev)
 	priv->enable_jumbo = 0;
 	priv->allow_vid_4095 = 0;
 
-	memset(priv->vlans, 0, sizeof(priv->vlans) * dev->vlans);
-	memset(priv->ports, 0, sizeof(priv->ports) * dev->ports);
+	memset(priv->vlans, 0, sizeof(*priv->vlans) * dev->vlans);
+	memset(priv->ports, 0, sizeof(*priv->ports) * dev->ports);
 
 	return b53_switch_reset(priv);
 }
-- 
2.11.0