Michael> The mcast pointer comes from stack. Surely we could have
Michael> use after free in ipoib_mcast_join_complete trigger data
Michael> corruption on stack and then trip on it?Now you're confusing me. Isn't the mcast pointer kmalloc()ed? - R. _______________________________________________ openib-general mailing list [email protected] http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
