From 7b8d2703525b40c743456c4bb2e129ae515c55bb Mon Sep 17 00:00:00 2001
From: Stefan Richter
Date: Sat, 18 Oct 2008 01:25:30 +0200
Subject: [PATCH] Fix segfault in juju's handle_arm_request
The buffer pointers were uninitialized, leading to segfault in memcpy. Bug report and initial version of the fix by Adrian Knoth.
Signed-off-by: Dan Dennedy
---
 src/fw.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/fw.c b/src/fw.c
index 4ef084d..eacbaaa 100644
--- a/src/fw.c
+++ b/src/fw.c
@@ -773,10 +773,12 @@ handle_arm_request(raw1394handle_t handle, struct address_closure *ac,
 }
 rrb->request.generation = fwhandle->reset.generation;
 rrb->request.buffer_length = in_length;
+ rrb->request.buffer = rrb->data;
 memcpy(rrb->request.buffer, request->data, in_length);
 rrb->response.response_code = response.rcode;
 rrb->response.buffer_length = response.length;
+ rrb->response.buffer = rrb->data + in_length;
 memcpy(rrb->response.buffer, allocation->data + offset, response.length);
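Review bot: The two added assignments carve the request and the response out of the single `rrb->data` area, but nothing near them states or checks that the area holds `in_length + response.length` bytes, which is what keeps both `memcpy` calls in bounds. The allocation of `rrb` is outside this hunk, so its size cannot be confirmed from here; if it is sized that way, a comment above the first assignment would pin the invariant, e.g. `/* rrb->data holds the request (in_length bytes) followed by the response (response.length bytes) */`. The second `memcpy` also reads `response.length` bytes from `allocation->data + offset`, and any range check for that read is likewise above the hunk. handle_arm_request starts and ends outside the hunk.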