From: Matt Mackall <mpm@selenic.com>

Zwane reports an oops duie to add_entropy_words running off the top of the
stack reading its input.  The overrun is harmless until it causes a page
fault.

Looks like I introduced this bug in Aug 2003, but it was hard to trigger until
the recent changes.

Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/drivers/char/random.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

diff -puN drivers/char/random.c~random-overflow-fix drivers/char/random.c
--- 25/drivers/char/random.c~random-overflow-fix	2005-01-26 17:34:08.513172976 -0800
+++ 25-akpm/drivers/char/random.c	2005-01-26 17:34:08.518172216 -0800
@@ -1322,7 +1322,7 @@ static inline void xfer_secondary_pool(s
 
 		bytes=extract_entropy(random_state, tmp, bytes,
 				      EXTRACT_ENTROPY_LIMIT);
-		add_entropy_words(r, tmp, bytes);
+		add_entropy_words(r, tmp, (bytes + 3) / 4);
 		credit_entropy_store(r, bytes*8);
 	}
 }
_