Re: [Qemu-devel] [PATCH 2.2 v3] linux-user: Fix up timer id handling

2014-11-10 Thread Tom Musta
On 11/10/2014 12:21 PM, Alexander Graf wrote:
> When creating a timer handle, we give the timer id a special magic offset
> of 0xcafe. However, we never mask that offset out of the timer id before
> we start using it to dereference our timer array. So we always end up aborting
> timer operation

Re: [Qemu-devel] [PATCH 2.2 v3] linux-user: Fix up timer id handling

2014-11-10 Thread Peter Maydell
On 10 November 2014 18:21, Alexander Graf wrote:
> When creating a timer handle, we give the timer id a special magic offset
> of 0xcafe. However, we never mask that offset out of the timer id before
> we start using it to dereference our timer array. So we always end up aborting
> timer opera

[Qemu-devel] [PATCH 2.2 v3] linux-user: Fix up timer id handling

2014-11-10 Thread Alexander Graf
When creating a timer handle, we give the timer id a special magic offset of 0xcafe. However, we never mask that offset out of the timer id before we start using it to dereference our timer array. So we always end up aborting timer operations because the timer id is out of bounds. This was not