Comment 1 for bug 204922

Hi Stef,

It seems like patches were merged upstream for this. I'm including the upstream git commit id's and descriptions:

commit 7084191d53b224b953c8e1db525ea6c31aca5fc7
Author: Alan Stern <email address hidden>
Date: Wed Feb 20 14:15:58 2008 -0500

    USB: usb-storage: don't access beyond the end of the sg buffer

    This patch (as1035) fixes a bug in usb_stor_access_xfer_buf() (the bug
    was originally found by Boaz Harrosh): The routine must not attempt to
    write beyond the end of a scatter-gather list or beyond the number of
    bytes requested. It also fixes up the formatting of a few comments
    and similar whitespace issues.

    Signed-off-by: Alan Stern <email address hidden>
    Signed-off-by: Greg Kroah-Hartman <email address hidden>

and

commit 6d512a80c26d87f8599057c86dc920fbfe0aa3aa
Author: Alan Stern <email address hidden>
Date: Fri Feb 22 17:00:06 2008 -0500

    usb-storage: update earlier scatter-gather bug fix

    This patch (as1037) makes a small update to the earlier as1035 patch.
    The minimum-length computation shouldn't be done in
    usb_stor_access_xfer_buf(), since that routine can be called multiple
    times for a single transfer. It should be done in
    usb_stor_set_xfer_buf() instead, which gets called only once.

    The way it is now isn't really _wrong_, but it isn't really _right_
    either. Moving the statement will be an improvement.

    Signed-off-by: Alan Stern <email address hidden>
    Signed-off-by: Greg Kroah-Hartman <email address hidden>

However, please note that we're currently in Beta freeze for Hardy so these may not get in. If this is the case, they should automatically be available in the Intrepid Ibex release as the kernel will be rebased with mainline. Thanks.