From: Young_X <YangX92@xxxxxxxxxxx> The error at line 3267 was the result of an off-by-one error in a for loop in line 3253. If condition in line 3254 never satisfies, then the value of pstat->aid is NUM_STA+1. This will lead to out-of-bound access in line 3267. Signed-off-by: Young_X <YangX92@xxxxxxxxxxx> --- drivers/staging/rtl8188eu/core/rtw_mlme_ext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c index 6790b840..0854adc 100644 --- a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c +++ b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c @@ -3250,7 +3250,7 @@ static unsigned int OnAssocReq(struct adapter *padapter, if (pstat->aid > 0) { DBG_88E(" old AID %d\n", pstat->aid); } else { - for (pstat->aid = 1; pstat->aid <= NUM_STA; pstat->aid++) + for (pstat->aid = 1; pstat->aid < NUM_STA; pstat->aid++) if (pstapriv->sta_aid[pstat->aid - 1] == NULL) break; -- 2.7.4
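Review bot: the new bound `pstat->aid < NUM_STA` in the `for` loop stops the scan one slot early, so `pstapriv->sta_aid[NUM_STA - 1]` is never tested for NULL, and a full table now leaves the loop with `pstat->aid == NUM_STA` rather than `NUM_STA + 1`. Assuming `sta_aid` has NUM_STA entries, which the commit message implies, the old loop condition was in bounds for every iteration (index `pstat->aid - 1` runs from 0 to NUM_STA - 1); the out-of-bounds access only happens after the loop when nothing matched. With this change that later access at line 3267 (not shown in the hunk) would use index NUM_STA - 1, which is in bounds but points at a slot the loop never checked, so a station already holding the last AID could be overwritten and the "no free AID" case is no longer detectable from the value of `pstat->aid`. I would keep `pstat->aid <= NUM_STA` so every slot is scanned and instead add an explicit check after the loop that rejects the association when `pstat->aid > NUM_STA`, before the array is indexed. It would also help if the commit message named the `sta_aid` access rather than only line numbers, since those shift between trees.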