From: Dan Carpenter <dan.carpenter@oracle.com>
To: Larry Finger <Larry.Finger@lwfinger.net>
Cc: gregkh@linuxfoundation.org, phil@philpotter.co.uk,
linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/2] staging: r8188eu: Fix warning of array overflow in ioctl_linux.c
Date: Mon, 30 May 2022 10:44:21 +0300 [thread overview]
Message-ID: <20220530074420.GL2146@kadam> (raw)
In-Reply-To: <20220529004711.27545-2-Larry.Finger@lwfinger.net>
On Sat, May 28, 2022 at 07:47:10PM -0500, Larry Finger wrote:
> Building with -Warray-bounds results in the following warning plus others
> related to the same problem:
>
> CC [M] drivers/staging/r8188eu/os_dep/ioctl_linux.o
> In function ‘wpa_set_encryption’,
> inlined from ‘rtw_wx_set_enc_ext’ at drivers/staging/r8188eu/os_dep/ioctl_linux.c:1868:9:
> drivers/staging/r8188eu/os_dep/ioctl_linux.c:412:41: warning: array subscript ‘struct ndis_802_11_wep[0]’ is partly outside array bounds of ‘void[25]’ [-Warray-bounds]
> 412 | pwep->KeyLength = wep_key_len;
I'm not totally sure I understand where the void[25] comes from...
This is a false positive, though? Another fix would be to just declare
the struct as a variable size array? I don't know where the 16 comes
from either. :P I have not followed this logic to other functions. If
the 16 is important then the bug is real.
Your patch is harmless and less risky than changing the struct
definition so I'm fine with that. But I'm just trying to understand the
situation better.
regards,
dan carpenter
diff --git a/drivers/staging/r8188eu/include/wlan_bssdef.h b/drivers/staging/r8188eu/include/wlan_bssdef.h
index 9d1c9e763287..0d4fb1d0b22b 100644
--- a/drivers/staging/r8188eu/include/wlan_bssdef.h
+++ b/drivers/staging/r8188eu/include/wlan_bssdef.h
@@ -158,7 +158,7 @@ struct ndis_802_11_wep {
u32 KeyIndex; /* 0 is the per-client key,
* 1-N are the global keys */
u32 KeyLength; /* length of key in bytes */
- u8 KeyMaterial[16];/* variable len depending on above field */
+ u8 KeyMaterial[];/* variable len depending on above field */
};
struct ndis_802_11_auth_req {
next prev parent reply other threads:[~2022-05-30 7:44 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-29 0:47 [PATCH v2 0/2] Fix some compile warnings in v5.18+ Larry Finger
2022-05-29 0:47 ` [PATCH v2 1/2] staging: r8188eu: Fix warning of array overflow in ioctl_linux.c Larry Finger
2022-05-30 7:44 ` Dan Carpenter [this message]
2022-05-29 0:47 ` [PATCH v2 2/2] staging: r8188eu: Fix undersized array in rtw_xmit.c Larry Finger
2022-05-30 8:05 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220530074420.GL2146@kadam \
--to=dan.carpenter@oracle.com \
--cc=Larry.Finger@lwfinger.net \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=phil@philpotter.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.