On Tue, Oct 01, 2019 at 11:45:14AM +0300, Dan Carpenter wrote:
> > diff --git a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> > index b08b9a191a34..ff5edcaba64d 100644
> > --- a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> > +++ b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
> > @@ -142,7 +142,7 @@ static noinline_for_stack char *translate_scan_wpa(struct iw_request_info *info,
> > memset(buf, 0, MAX_WPA_IE_LEN);
> > n = sprintf(buf, "wpa_ie=");
> > for (i = 0; i < wpa_len; i++) {
> > - n += snprintf(buf + n, MAX_WPA_IE_LEN - n,
> > + n += scnprintf(buf + n, MAX_WPA_IE_LEN - n,
> > "%02x", wpa_ie[i]);
> > if (n >= MAX_WPA_IE_LEN)
> ^^^^^^^^^^^^^^^^^^^
> It checks for overflow here. This check is impossible now and doesn't
> make sense. The other loop is similar.
Good catch! I must have overlooked this.
"n" cannot be greater than MAX_WPA_IE_LEN but it can be equal to that
value. We can replace the '>=' with '==' so that we don't loop
unnecessarily when n has reached it's threshold.
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
