On Thu, Jul 14, 2011 at 2:52 AM, Johannes Berg
<johannes@xxxxxxxxxxxxxxxx> wrote:
> On Wed, 2011-07-13 at 16:45 -0700, Thomas Pedersen wrote:
>
>> goto out;
>> @@ -2269,6 +2270,14 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
>> memcpy(skb_put(skb, beacon->head_len), beacon->head,
>> beacon->head_len);
>>
>> + pos = skb_put(skb, 6);
>
> You just keep adding here -- how is the length of the skb determined?
A little further up:
/* headroom, head length, tail length, custom IEs, and
* mesh IEs + maximum TIM length */
skb = dev_alloc_skb(local->tx_headroom +
beacon->head_len +
beacon->tail_len +
ifmsh->ie_len + 400);
we made room for the max TIM element.
>
> johannes
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
