Hey,
Turned out to be a simple typo, which I've fixed in the following patch. When resizing the packet_buff struct in batman_if, the new length was being updated but the old length was being used for the kmalloc(), causing something later to think it had more memory allocated to write to, hence writing past the end of the allocation.
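The bug described above, as an added user-space model that is not batman-adv's own code: the resize updates the recorded length first and then sizes the allocation from the stale old length, so any later writer that trusts the recorded length runs past the end of the buffer. The struct and function names (`if_model`, `resize_buggy`, `resize_fixed`, `length_is_backed`) are hypothetical, and `malloc` stands in for `kmalloc`; the buggy variant is written so that the example itself never writes out of bounds, it only records the mismatch so it can be checked.

```c
/* Added example, not code from the batman-adv tree. Models the packet_buff
 * resize typo: new length recorded, old length allocated.
 * malloc() stands in for kmalloc(); all names are hypothetical. */
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

struct if_model {
    unsigned char *packet_buff;
    size_t packet_len;   /* length the rest of the code believes is usable */
    size_t alloc_len;    /* bookkeeping for this example: bytes really allocated */
};

int if_model_init(struct if_model *bi, size_t len)
{
    bi->packet_buff = malloc(len);
    if (!bi->packet_buff)
        return -1;
    memset(bi->packet_buff, 0, len);
    bi->packet_len = len;
    bi->alloc_len = len;
    return 0;
}

void if_model_free(struct if_model *bi)
{
    free(bi->packet_buff);
    bi->packet_buff = NULL;
    bi->packet_len = 0;
    bi->alloc_len = 0;
}

/* Buggy variant: packet_len is set to new_len, but the allocation is sized
 * from old_len (the typo). The copy below is bounded by the smaller of the
 * two lengths so this model never overruns; a caller that later writes
 * packet_len bytes into packet_buff would. */
int resize_buggy(struct if_model *bi, size_t new_len)
{
    size_t old_len = bi->packet_len;
    size_t copy_len = old_len < new_len ? old_len : new_len;
    unsigned char *new_buff;

    bi->packet_len = new_len;        /* new length recorded ...            */
    new_buff = malloc(old_len);      /* ... but old length allocated       */
    if (!new_buff)
        return -1;
    memcpy(new_buff, bi->packet_buff, copy_len);
    free(bi->packet_buff);
    bi->packet_buff = new_buff;
    bi->alloc_len = old_len;         /* what was really allocated */
    return 0;
}

/* Fixed variant: allocate new_len bytes, copy the smaller of the two
 * lengths, and only then update packet_len. */
int resize_fixed(struct if_model *bi, size_t new_len)
{
    size_t old_len = bi->packet_len;
    size_t copy_len = old_len < new_len ? old_len : new_len;
    unsigned char *new_buff = malloc(new_len);

    if (!new_buff)
        return -1;
    memcpy(new_buff, bi->packet_buff, copy_len);
    free(bi->packet_buff);
    bi->packet_buff = new_buff;
    bi->packet_len = new_len;
    bi->alloc_len = new_len;
    return 0;
}

/* Invariant a reviewer would want: every byte covered by packet_len is
 * backed by the allocation. Returns 1 if it holds, 0 if a later writer
 * could run past the end. */
int length_is_backed(const struct if_model *bi)
{
    return bi->packet_len <= bi->alloc_len;
}

/* Run one resize with either variant and report whether the invariant
 * still holds afterwards (1 = safe, 0 = overrun possible, -1 = alloc failed). */
int check_resize(int use_fixed, size_t old_len, size_t new_len)
{
    struct if_model bi;
    int rc, ok;

    if (if_model_init(&bi, old_len) != 0)
        return -1;
    rc = use_fixed ? resize_fixed(&bi, new_len) : resize_buggy(&bi, new_len);
    ok = (rc == 0) ? length_is_backed(&bi) : -1;
    if_model_free(&bi);
    return ok;
}

int main(void)
{
    /* Growing 64 -> 128: buggy variant leaves 64 bytes behind a 128-byte length. */
    return (check_resize(0, 64, 128) == 0 && check_resize(1, 64, 128) == 1) ? 0 : 1;
}
```

The useful habit this models for review is the ordering: compute the new size, allocate with that exact value, then publish the new length; when the length field is updated before the allocation it is easy to feed the stale value to the allocator, and nothing at the call site will notice until a later write trusts the length.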
Wow - nice catch! I happily applied your patch (revision 1173). :-)
Regards, Marek