On Mon, Dec 10, 2012 at 1:55 PM, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote: > On Thu, 2012-12-06 at 17:47 +0100, Johannes Berg wrote: >> From: Johannes Berg <johannes.berg@xxxxxxxxx> >> >> When intersecting rules, we count first to know how many >> rules need to be allocated, and then do the intersection >> into the allocated array. However, the code doing this >> writes past the end of the array because it attempts to >> do all intersections. Make it stop when the right number >> of rules has been reached. >> >> Cc: stable@xxxxxxxxxxxxxxx >> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> > > FWIW, since we currently allocate enough memory here to actually write > past the end of the intended array, I've decided to remove the stable > tag. It doesn't really fix anything -- with the next patch it fixes the > allocation to not be too large, but that doesn't really need to go to > stable. That was likely the issue I ran into that caused things to burp without the +1 ;) Luis -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
