On Thu, Oct 04, 2012 at 06:24:11PM +0200, Arend van Spriel wrote: > On 10/03/2012 08:06 AM, Dan Carpenter wrote: > >The problem here is that we loop until "remained_buf_len" is less than > >zero, but since it is unsigned, it never is. > > > >"remained_buf_len" has to be large enough to hold the value from > >"mgmt_ie_buf_len". That variable is type u32, but it only holds small > >values so I have changed to both variables to int. > > > >Also I removed the bogus initialization from "mgmt_ie_buf_len" so that > >GCC can detect if it is used unitialized. I moved the declaration of > >"remained_buf_len" closer to where it is used so it's easier to read. > > > > Hi Dan, > > Good catch. I applied the patch internally on our HEAD and had it > reviewed. We did not take moving the declaration as we prefer to > have all variables at the top of the function. It makes it easier to > find what is declared in a function and whether exceeding the local > variable limit mentioned in Chapter 6. Functions of the CodingStyle > (we are exceeding it already ;-) ). > > Are you ok with us submitting it? It would be sent out for 3.8 or do > you prefer to have it fixed in 3.7? Uh, I don't know how hard it is to trigger this bug. If it's impossible to trigger then we could wait until 3.8 otherwise I would tend to merge it into 3.7 given that we haven't hit -rc1 yet. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
