This reverts commit
6c853da3f30c93eae847ecbcd9fdf10ba0da04c2.
From Message-ID: <
1262663293.551.117.camel@debian>
On Sat, 2010-01-02 at 22:09 +0800, Dan Carpenter wrote:
> It don't think
6c853da3f30c93 is right. That's the patch
> titled "iwmc3200wifi: fix array out-of-boundary access"
>
> Allocate priv->rx_packets[IWM_RX_ID_HASH + 1] because the max array
> index is IWM_RX_ID_HASH according to IWM_RX_ID_GET_HASH().
>
> In 2.6.33-rc2 IWM_RX_ID_GET_HASH() doesn't go as high as IWM_RX_ID_HASH
> and I don't see any array out-of-bounds.
>
> #define IWM_RX_ID_GET_HASH(id) ((id) % IWM_RX_ID_HASH)
Ah, you are right. I took '%' for '&'. John, would you revert it? Sorry
for the false alarm.
Thanks,
-yi
Reported-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
struct sk_buff_head rx_list;
struct list_head rx_tickets;
- struct list_head rx_packets[IWM_RX_ID_HASH + 1];
+ struct list_head rx_packets[IWM_RX_ID_HASH];
struct workqueue_struct *rx_wq;
struct work_struct rx_worker;