On Mon, May 10, 2010 at 10:07:12AM +0530, Sujith wrote:
> Dan Carpenter wrote:
> > The original code had ENDPOINT_MAX and HST_ENDPOINT_MAX switched.
>
> Hm, no.
>

I'm afraid I don't understand. ENDPOINT_MAX is 22 and HST_ENDPOINT_MAX
is 8. The htc_target struct is defined as having 8 endpoints.

drivers/net/wireless/ath/ath9k/htc_hst.h

    struct htc_target {
            void *hif_dev;
            struct ath9k_htc_priv *drv_priv;
            struct device *dev;
            struct ath9k_htc_hif *hif;
            struct htc_endpoint endpoint[HST_ENDPOINT_MAX];
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^

So in the original code:

drivers/net/wireless/ath/ath9k/htc_hst.c

    for (tepid = ENDPOINT_MAX; tepid > ENDPOINT0; tepid--) {
            tmp_endpoint = &target->endpoint[tepid];
                           ^^^^^^^^^^^^^^^^^^^^^^^^^

We are past the end of the array here. 22 vs 7.

Perhaps the htc_target struct should be changed to ENDPOINT_MAX?

regards,
dan carpenter
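
The mismatch described in the message above, as an added example that is not part of the original mail and is not the driver's code. It counts the indices the descending loop would touch outside an 8-element array for different start values, then shows a bounded form whose start index comes from the array itself. The constants use the values stated in the message; the demo_* types, both function names and the "service_id == 0 means free" test are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Constants use the values stated in the message; every other name
 * (demo_*, count_oob_indices, find_free_endpoint) is hypothetical. */
#define ENDPOINT0        0
#define ENDPOINT_MAX     22
#define HST_ENDPOINT_MAX 8
#define ARRAY_SIZE(a)    (sizeof(a) / sizeof((a)[0]))

struct demo_endpoint { int service_id; };   /* stand-in for htc_endpoint */
struct demo_target {
    struct demo_endpoint endpoint[HST_ENDPOINT_MAX];
};

/* Walk the same descending loop and count the indices that fall outside
 * an array of `len` elements. Nothing is dereferenced. */
static size_t count_oob_indices(int start, size_t len)
{
    size_t oob = 0;
    for (int tepid = start; tepid > ENDPOINT0; tepid--)
        if ((size_t)tepid >= len)
            oob++;
    return oob;
}

/* Bounded form: the start index is derived from the array itself, so the
 * loop cannot disagree with the struct definition. The "service_id == 0
 * means free" test is an assumption made for this example.
 * Returns the highest free index above ENDPOINT0, or -1 if none. */
static int find_free_endpoint(const struct demo_target *t)
{
    for (int tepid = (int)ARRAY_SIZE(t->endpoint) - 1; tepid > ENDPOINT0; tepid--)
        if (t->endpoint[tepid].service_id == 0)
            return tepid;
    return -1;
}

int main(void)
{
    struct demo_target t = { { { 0 } } };
    printf("start=ENDPOINT_MAX:       %zu out-of-bounds indices\n",
           count_oob_indices(ENDPOINT_MAX, ARRAY_SIZE(t.endpoint)));
    printf("start=HST_ENDPOINT_MAX:   %zu out-of-bounds indices\n",
           count_oob_indices(HST_ENDPOINT_MAX, ARRAY_SIZE(t.endpoint)));
    printf("start=HST_ENDPOINT_MAX-1: %zu out-of-bounds indices\n",
           count_oob_indices(HST_ENDPOINT_MAX - 1, ARRAY_SIZE(t.endpoint)));
    printf("bounded search returns index %d\n", find_free_endpoint(&t));
    return 0;
}
```

Starting the loop at the array size itself still indexes one element past the end; the last valid index is the size minus one.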