diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 4cd781110..95000853e 100755 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -2802,8 +2802,8 @@ int cfg80211_wext_siwscan(struct net_device *dev, n_channels = ieee80211_get_num_supported_channels(wiphy); } - creq = kzalloc(struct_size(creq, channels, n_channels) + - sizeof(struct cfg80211_ssid), + creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + + n_channels * sizeof(void *), GFP_ATOMIC); if (!creq) { err = -ENOMEM; @@ -2813,7 +2813,7 @@ int cfg80211_wext_siwscan(struct net_device *dev, creq->wiphy = wiphy; creq->wdev = dev->ieee80211_ptr; /* SSIDs come after channels */ - creq->ssids = (void *)creq + struct_size(creq, channels, n_channels); + creq->ssids = (void *)&creq->channels[n_channels]; creq->n_channels = n_channels; creq->n_ssids = 1; creq->scan_start = jiffies;