On Thu, 2012-12-06 at 17:47 +0100, Johannes Berg wrote: > From: Johannes Berg <johannes.berg@xxxxxxxxx> > > When intersecting rules, we count first to know how many > rules need to be allocated, and then do the intersection > into the allocated array. However, the code doing this > writes past the end of the array because it attempts to > do all intersections. Make it stop when the right number > of rules has been reached. > > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> FWIW, since we currently allocate enough memory here to actually write past the end of the intended array, I've decided to remove the stable tag. It doesn't really fix anything -- with the next patch it fixes the allocation to not be too large, but that doesn't really need to go to stable. johannes -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
