In article <[email protected]>, Patrick Welche <[email protected]> wrote:
>I'm just reading if_iwn.c, and I don't see how iwn_iter_func can be legal:
>
>static void
>iwn_iter_func(void *arg, struct ieee80211_node *ni)
>{
>	struct iwn_softc *sc = arg;
>	struct iwn_node *wn = (struct iwn_node *)ni;
>
>	ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn);
>}
>
>iwn_node is bigger than ieee80211_node, as it starts with an ieee80211_node:
>
>struct iwn_node {
>	struct ieee80211_node		ni;	/* must be the first */
>	struct ieee80211_amrr_node	amn;
>	uint16_t			disable_tid;
>	uint8_t				id;
>	uint8_t				ridx[IEEE80211_RATE_MAXSIZE];
>};
>
>Then, the call to ieee80211_amrr_choose uses amn, which is after the
>struct the iwn_node was initialised with. ieee80211_amrr_choose then starts
>by dereferencing bits of the amn. Isn't that pointing at garbage?
>
>I haven't used iwn as an "infrastructure station", so have never run into
>trouble, but is the C analysis right?
It allocates enough space because the 80211 code uses iwn_node_alloc to
allocate ieee80211_nodes, so that is fine.

christos
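The pattern christos is pointing at, as a stand-alone added illustration (this is not code from if_iwn.c or the NetBSD net80211 layer; the names node, drv_node, ic_node_alloc, drv_attach and the rate-control fields are simplified stand-ins for ieee80211_node, iwn_node, iwn_node_alloc and the amrr state): the generic layer never allocates nodes itself but calls an allocation hook the driver installs at attach time, so every node it later hands back to the driver is backed by the driver's larger struct, and the downcast in the iterator callback is reading memory that was actually allocated. The check node_alloc_is_safe() is the one thing to verify when auditing such a driver: whether the hook that allocates the bigger struct is really installed before any node can be created.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Generic-layer node: the only type the generic code knows about. */
struct node {
    uint8_t  macaddr[6];
    uint16_t assoc_id;
};

/* Generic-layer context carrying the driver-supplied allocation hooks
 * (stand-in for the ieee80211com node_alloc/node_free callbacks). */
struct ic {
    struct node *(*ic_node_alloc)(struct ic *);
    void (*ic_node_free)(struct ic *, struct node *);
};

/* Driver node: the generic node MUST be the first member, so a struct node *
 * returned by the generic layer can be cast back to struct drv_node *. */
struct drv_node {
    struct node ni;           /* must be the first */
    uint32_t    amrr_txcnt;   /* rate-control state only the driver uses */
    uint32_t    amrr_success;
    uint8_t     id;
};

/* Default allocator the generic layer would fall back to without a driver
 * hook: only sizeof(struct node), so the driver's fields would not exist. */
static struct node *
generic_node_alloc(struct ic *ic)
{
    (void)ic;
    return calloc(1, sizeof(struct node));
}

/* Driver hook (stand-in for iwn_node_alloc): allocates the full driver
 * node and returns a pointer to its first member. */
static struct node *
drv_node_alloc(struct ic *ic)
{
    struct drv_node *wn;
    (void)ic;
    wn = calloc(1, sizeof(*wn));
    if (wn == NULL)
        return NULL;
    return &wn->ni;   /* same address as wn, because ni is first */
}

static void
node_free(struct ic *ic, struct node *ni)
{
    (void)ic;
    free(ni);   /* ni is the start of the drv_node, so this frees all of it */
}

/* Driver-side iterator callback (stand-in for iwn_iter_func): downcasts and
 * touches a field that lies beyond sizeof(struct node). */
static uint32_t
drv_iter_func(struct node *ni)
{
    struct drv_node *wn = (struct drv_node *)ni;
    wn->amrr_txcnt++;
    return wn->amrr_txcnt;
}

/* Audit check: the downcast in drv_iter_func is only valid if the driver's
 * allocator is the one the generic layer will call. Returns 1 if so. */
int
node_alloc_is_safe(const struct ic *ic)
{
    return ic->ic_node_alloc == drv_node_alloc;
}

/* Generic layer without a driver attached: default allocator only. */
void
ic_init(struct ic *ic)
{
    memset(ic, 0, sizeof(*ic));
    ic->ic_node_alloc = generic_node_alloc;
    ic->ic_node_free  = node_free;
}

/* Driver attach: installs the allocation hook, as iwn does at attach time. */
void
drv_attach(struct ic *ic)
{
    ic->ic_node_alloc = drv_node_alloc;
    ic->ic_node_free  = node_free;
}

/* Returns the number of driver-private bytes that sit after the generic node. */
size_t
drv_node_extra_bytes(void)
{
    return sizeof(struct drv_node) - sizeof(struct node);
}

/* End-to-end: attach the driver, let the generic layer allocate a node, run the
 * iterator twice and return the driver-private counter (expected: 2). */
uint32_t
run_iteration_demo(void)
{
    struct ic ic;
    struct node *ni;
    uint32_t v;

    ic_init(&ic);
    drv_attach(&ic);
    if (!node_alloc_is_safe(&ic))
        return 0;                 /* would be reading past the allocation */
    ni = ic.ic_node_alloc(&ic);   /* this is what the generic layer calls */
    if (ni == NULL)
        return 0;
    drv_iter_func(ni);
    v = drv_iter_func(ni);
    ic.ic_node_free(&ic, ni);
    return v;
}
```

The ordering matters in practice: the hook must be installed before the generic layer creates its first node (in iwn that happens during attach, before the interface is brought up), and every node ever handed to drv_iter_func must have come through the hook, which is why the generic layer owns allocation rather than the driver allocating some nodes and the core others.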
