Hi Daniel, Thanks for the patch. > When trying to unset a previously-set multicast list (i.e. the new list > has 0 entries), mwifiex_set_multicast_list() was calling down to > mwifiex_request_set_multicast_list() while leaving > mcast_list.num_multicast_addr as an uninitialized value. > > We were arriving at mwifiex_cmd_mac_multicast_adr() which would then > proceed to do an often huge memcpy of > mcast_list.num_multicast_addr*ETH_ALEN bytes, causing memory corruption > and hard to debug crashes. > > Fix this by setting mcast_list.num_multicast_addr to 0 when no multicast > list is provided. Similarly, fix up the logic in > mwifiex_request_set_multicast_list() to unset the multicast list that > was previously sent to the hardware in such cases. > > Signed-off-by: Daniel Drake <dsd@xxxxxxxxxx> Acked-by: Bing Zhao <bzhao@xxxxxxxxxxx> Thanks, Bing > --- > drivers/net/wireless/mwifiex/main.c | 5 ++--- > drivers/net/wireless/mwifiex/sta_ioctl.c | 18 ++++++++---------- > 2 files changed, 10 insertions(+), 13 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
