Revert "iwmc3200wifi: fix array out-of-boundary access"
authorJohn W. Linville <linville@tuxdriver.com>
Thu, 14 Jan 2010 22:00:54 +0000 (17:00 -0500)
committerJohn W. Linville <linville@tuxdriver.com>
Thu, 14 Jan 2010 22:06:49 +0000 (17:06 -0500)
commit79b6a5110abf6fd4454ba34e0960783a4a2c801a
treef527bc90d11773f916fe411e67d1adec6b690fc1
parenta5fb297d634ba20bd53a7d6fecd611bbfd342e78
Revert "iwmc3200wifi: fix array out-of-boundary access"

This reverts commit 6c853da3f30c93eae847ecbcd9fdf10ba0da04c2.

From Message-ID: <1262663293.551.117.camel@debian>
On Sat, 2010-01-02 at 22:09 +0800, Dan Carpenter wrote:
> It don't think 6c853da3f30c93 is right.  That's the patch
> titled "iwmc3200wifi: fix array out-of-boundary access"
>
>       Allocate priv->rx_packets[IWM_RX_ID_HASH + 1] because the max array
>       index is IWM_RX_ID_HASH according to IWM_RX_ID_GET_HASH().
>
> In 2.6.33-rc2 IWM_RX_ID_GET_HASH() doesn't go as high as IWM_RX_ID_HASH
> and I don't see any array out-of-bounds.
>
> #define IWM_RX_ID_GET_HASH(id) ((id) % IWM_RX_ID_HASH)

Ah, you are right. I took '%' for '&'. John, would you revert it? Sorry
for the false alarm.

Thanks,
-yi

Reported-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/iwmc3200wifi/iwm.h