ath9k_htc: memory corruption calling set_bit()
In d8a2c51c ('ath9k_htc: Use atomic operations for op_flags') we changed things like this: - if (priv->op_flags & OP_TSF_RESET) { + if (test_bit(OP_TSF_RESET, &priv->op_flags)) { The problem is that test_bit() takes a bit number and not a mask. It means that when we do: set_bit(OP_TSF_RESET, &priv->op_flags); Then it sets the (1 << 6) bit instead of the 6 bit so we are setting a bit which is past the end of the unsigned long. Fixes: d8a2c51c ('ath9k_htc: Use atomic operations for op_flags') Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
Showing
想要评论请 注册 或 登录