Replace 1-element array in drivers/scsi/3w-xxxx.h #206

Closed GustavoARSilva closed 2 years ago

GustavoARSilva commented 2 years ago

drivers/scsi/3w-xxxx.h

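/*
 * Structure for new chardev ioctls.
 *
 * The trailing data_buffer is a variable-length payload that lives
 * directly after the fixed part of the struct; the old one-element
 * declaration only pretended to be that, so every access past index 0
 * was out of bounds of the declared object.  A C99 flexible array member
 * expresses the intent and lets the compiler/bounds checkers see the
 * real size.
 *
 * NOTE(review): sizeof(TW_New_Ioctl) no longer accounts for the dummy
 * element; any allocation or length arithmetic that added or subtracted
 * that element must be re-audited against the actual buffer length.
 * TW_Command is defined elsewhere in this header.
 */
typedef struct TAG_TW_New_Ioctl {
	unsigned int data_buffer_length;	/* presumably the byte count of data_buffer — confirm against callers */
	unsigned char padding [508];
	TW_Command firmware_command;
	char data_buffer[];			/* variable-length payload; storage must be allocated past the struct */
} TW_New_Ioctl;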

Audit (at least) all of these places where the one-element array is used as a flexible array:

diff -u -p drivers/scsi/3w-xxxx.c /tmp/nothing/3w-xxxx.c
--- drivers/scsi/3w-xxxx.c
+++ /tmp/nothing/3w-xxxx.c
@@ -933,7 +933,6 @@ static long tw_chrdev_ioctl(struct file
                        break;
                case TW_OP_AEN_LISTEN:
                        dprintk(KERN_WARNING "3w-xxxx: tw_chrdev_ioctl(): caught TW_AEN_LISTEN.\n");
-                       memset(tw_ioctl->data_buffer, 0, data_buffer_length);

                        spin_lock_irqsave(tw_dev->host->host_lock, flags);
                        if (tw_dev->aen_head == tw_dev->aen_tail) {
@@ -947,7 +946,6 @@ static long tw_chrdev_ioctl(struct file
                                }
                        }
                        spin_unlock_irqrestore(tw_dev->host->host_lock, flags);
-                       memcpy(tw_ioctl->data_buffer, &tw_aen_code, sizeof(tw_aen_code));
                        break;
                case TW_CMD_PACKET_WITH_DATA:
                        dprintk(KERN_WARNING "3w-xxxx: tw_chrdev_ioctl(): caught TW_CMD_PACKET_WITH_DATA.\n");
GustavoARSilva commented 2 years ago

I just sent a patch for this: https://lore.kernel.org/linux-hardening/YyyyvB30jnjRaw%2FF@work/