On Mon, Jul 02, 2012 at 02:39:52PM +0200, Thomas Huehn wrote: > The patch: "mac80211: correct size the argument to > kzalloc in minstrel_ht" (from Jun 29, 2012), leads to memory corruption. > "msp->ratelist" is a void pointer - therfore going back to the > expicit form: sizeof(struct minstrel_rate) which brings back correct > memory allocation. > > Reported-by: Fengguang Wu <wfg@xxxxxxxxxxxxxxx> > Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > Signed-off-by: Thomas Huehn <thomas@xxxxxxxxxxxxxxxxxxxxxxx> > --- > net/mac80211/rc80211_minstrel_ht.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c > index 1ca8f2b..f9e51ef 100644 > --- a/net/mac80211/rc80211_minstrel_ht.c > +++ b/net/mac80211/rc80211_minstrel_ht.c > @@ -813,7 +813,7 @@ minstrel_ht_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp) > if (!msp) > return NULL; > > - msp->ratelist = kzalloc(sizeof(*msp->ratelist) * max_rates, gfp); > + msp->ratelist = kzalloc(sizeof(struct minstrel_rate) * max_rates, gfp); > if (!msp->ratelist) > goto error; > Johannes, I'm grabbing this one now. -- John W. Linville Someday the world will need a hero, and you linville@xxxxxxxxxxxxx might be all we have. Be ready. -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
