From: Andrew Goodbody Date: Tue, 5 Aug 2025 10:52:00 +0000 (+0100) Subject: net: ldpaa_eth: Fix buffer overflow in memset X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed3b08874f4c47e287a1f0eb36fc61ff7d778cc9;p=pandora-u-boot.git net: ldpaa_eth: Fix buffer overflow in memset In ldpaa_eth_open a memset is used to initialise a struct to 0 but the size passed is that of a different struct. Correct to pass the sizeof the struct that is being initialised. This issue was found by Smatch. Signed-off-by: Andrew Goodbody --- diff --git a/drivers/net/ldpaa_eth/ldpaa_eth.c b/drivers/net/ldpaa_eth/ldpaa_eth.c index b72198ca530..94e62748239 100644 --- a/drivers/net/ldpaa_eth/ldpaa_eth.c +++ b/drivers/net/ldpaa_eth/ldpaa_eth.c @@ -458,7 +458,7 @@ static int ldpaa_eth_open(struct udevice *dev) link_state.up == 1 ? printf("up\n") : printf("error state\n"); #endif - memset(&d_queue, 0, sizeof(struct dpni_queue)); + memset(&d_queue, 0, sizeof(struct dpni_queue_id)); err = dpni_get_queue(dflt_mc_io, MC_CMD_NO_FLAGS, dflt_dpni->dpni_handle, DPNI_QUEUE_RX, 0, 0, &d_queue_cfg, &d_queue);
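Review bot: On the changed memset line in ldpaa_eth_open, prefer `sizeof(d_queue)` over `sizeof(struct dpni_queue_id)`, so the length is taken from the object being cleared and cannot fall out of step with its declaration again, which is the kind of mismatch this patch corrects. The declaration of d_queue is outside the hunk context, so the type named in the new line cannot be checked from the diff alone; writing `memset(&d_queue, 0, sizeof(d_queue));` removes that dependency. The commit message could also state which of the two structs is larger, since that determines whether the old call wrote past the end of d_queue.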