iwlagn: fix stack corruption
authorJohannes Berg <johannes.berg@intel.com>
Mon, 12 Sep 2011 19:08:25 +0000 (21:08 +0200)
committerJohn W. Linville <linville@tuxdriver.com>
Tue, 13 Sep 2011 18:18:39 +0000 (14:18 -0400)
Alexander reported a strange crash in iwlagn that
Meenakshi and Wey couldn't reproduce. I just ran
into the same issue and tracked it down to stack
corruption. This fixes it.

The problem was introduced in
commit 4b8b99b6e650d0527f3a123744b7459976581d14
Author: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Date:   Fri Jul 8 14:29:48 2011 -0700

    iwlagn: radio sensor offset in le16 format

Cc: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Cc: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
Reported-by: Alexander Diewald <alex@diewald.cc>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/iwlwifi/iwl-agn-ucode.c

index a895a09..5621100 100644 (file)
@@ -167,7 +167,7 @@ static int iwlagn_set_temperature_offset_calib(struct iwl_priv *priv)
 
        memset(&cmd, 0, sizeof(cmd));
        iwl_set_calib_hdr(&cmd.hdr, IWL_PHY_CALIBRATE_TEMP_OFFSET_CMD);
-       memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(offset_calib));
+       memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(*offset_calib));
        if (!(cmd.radio_sensor_offset))
                cmd.radio_sensor_offset = DEFAULT_RADIO_SENSOR_OFFSET;