On Wed, Aug 12, 2009 at 06:05:55PM +0530, roel kluin wrote: > On Wed, Aug 12, 2009 at 1:58 PM, Vasanthakumar > Thiagarajan<vasanth@xxxxxxxxxxx> wrote: > > On Wed, Aug 12, 2009 at 12:10:30AM +0530, Roel Kluin wrote: > >> Prevent a read from valid_rate_index[] with a negative index > >> > >> Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx> > >> --- > >> Maybe we should add this? > >> > >> diff --git a/drivers/net/wireless/ath/ath9k/rc.c b/drivers/net/wireless/ath/ath9k/rc.c > >> index ba06e78..a67b7f6 100644 > >> --- a/drivers/net/wireless/ath/ath9k/rc.c > >> +++ b/drivers/net/wireless/ath/ath9k/rc.c > >> @@ -1458,7 +1458,7 @@ static void ath_rc_init(struct ath_softc *sc, > >> ath_rc_priv->rate_max_phy = ath_rc_priv->valid_phy_rateidx[i][j-1]; > >> } > >> ASSERT(ath_rc_priv->rate_table_size <= RATE_TABLE_SIZE); > >> - ASSERT(k <= RATE_TABLE_SIZE); > >> + ASSERT(k <= RATE_TABLE_SIZE && k >= 4); > > > > > > NACK, k is initialized to 0 in the for loop few lines above this > > ASSERT. > > > > Vasanth > > but where is this rate_cnt initialized? from the static rate table for the respective mode. You can find these tables in the begining of rc.c. Vasanth -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
