* [PATCH v2][next] staging: r8188eu: Fix out-of-bounds error in HT_caps_handler()
@ 2022-02-02 5:31 Gustavo A. R. Silva
2022-02-02 6:49 ` Dan Carpenter
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo A. R. Silva @ 2022-02-02 5:31 UTC (permalink / raw)
To: Larry Finger, Phillip Potter, Greg Kroah-Hartman
Cc: linux-staging, linux-kernel, Gustavo A. R. Silva, linux-hardening
Fix the following out-of-bounds error (caught with -Warray-bounds=2):
drivers/staging/r8188eu/core/rtw_wlan_util.c: In function ‘HT_caps_handler’:
drivers/staging/r8188eu/core/rtw_wlan_util.c:719:54: error: array subscript 2 is above array bounds of ‘u8[1]’ {aka ‘unsigned char[1]’} [-Werror=array-bounds]
719 | pIE->data[i] & 0x3);
| ~~~~~~~~~^~~
./include/linux/minmax.h:32:39: note: in definition of macro ‘__cmp_once’
32 | typeof(y) unique_y = (y); \
| ^
./include/linux/minmax.h:45:25: note: in expansion of macro ‘__careful_cmp’
45 | #define min(x, y) __careful_cmp(x, y, <)
| ^~~~~~~~~~~~~
drivers/staging/r8188eu/core/rtw_wlan_util.c:718:41: note: in expansion of macro ‘min’
718 | max_AMPDU_len = min(pmlmeinfo->HT_caps.u.HT_cap_element.AMPDU_para & 0x3,
| ^~~
In file included from drivers/staging/r8188eu/core/../include/drv_types.h:16,
from drivers/staging/r8188eu/core/rtw_wlan_util.c:7:
drivers/staging/r8188eu/core/../include/wlan_bssdef.h:64:13: note: while referencing ‘data’
64 | u8 data[1];
| ^~~~
by transforming one-element array into a flexible-array member in
struct ndis_802_11_var_ie
This is part of the ongoing efforts to globally enable -Warray-bounds.
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
Changes in v2:
- Fix subject line.
drivers/staging/r8188eu/include/wlan_bssdef.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/r8188eu/include/wlan_bssdef.h b/drivers/staging/r8188eu/include/wlan_bssdef.h
index 99ca097b8edd..9d1c9e763287 100644
--- a/drivers/staging/r8188eu/include/wlan_bssdef.h
+++ b/drivers/staging/r8188eu/include/wlan_bssdef.h
@@ -61,7 +61,7 @@ struct ndis_802_11_fixed_ie {
struct ndis_802_11_var_ie {
u8 ElementID;
u8 Length;
- u8 data[1];
+ u8 data[];
};
/*
--
2.27.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2][next] staging: r8188eu: Fix out-of-bounds error in HT_caps_handler()
2022-02-02 5:31 [PATCH v2][next] staging: r8188eu: Fix out-of-bounds error in HT_caps_handler() Gustavo A. R. Silva
@ 2022-02-02 6:49 ` Dan Carpenter
0 siblings, 0 replies; 2+ messages in thread
From: Dan Carpenter @ 2022-02-02 6:49 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: Larry Finger, Phillip Potter, Greg Kroah-Hartman, linux-staging,
linux-kernel, linux-hardening
I really hate the subject because it says there was an out-of-bounds
error and that's a serious thing, when in the best case scenario this
patch has no effect on run time.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-02-02 7:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-02 5:31 [PATCH v2][next] staging: r8188eu: Fix out-of-bounds error in HT_caps_handler() Gustavo A. R. Silva
2022-02-02 6:49 ` Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).