On Wed, 2013-01-09 at 12:20 +0100, Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@xxxxxxxxx>
>
> My commit 379b82f4c9dc6e67bf61aa61b096c06a2f320f60
> ("regulatory: pass new regdomain to reset function")
> broke the restore_regulatory_settings() function due
> to a logic change. Consider this change:
>
> - reset_regdomains(true);
> - cfg80211_regdomain = cfg80211_world_regdom;
> + reset_regdomains(true, cfg80211_world_regdom);
>
> This looks innocent enough, until you realise that the
> called function (reset_regdomains) also resets the
> cfg80211_world_regdom pointer, so that the old version
> of the code would use the new object it pointed to and
> the new version of the code uses the old object. This
> lead to a double-free of this object.
>
> Since reset_regdomains() sets it to &world_regdom, use
> that directly.
Applied.
johannes
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
