Re: [PATCH 3/3] staging: wilc1000: refactor p2p action frames handling API's

Hi Dan,

On 11/02/20 12:21 pm, Dan Carpenter wrote:
> On Mon, Feb 10, 2020 at 06:36:01PM +0000, Ajay.Kathat@xxxxxxxxxxxxx wrote:
>> +     if (sta_ch == WILC_INVALID_CHANNEL)
>> +             return;
>>
>>       while (index < len) {
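Review bot: The loop guard on the context line, `while (index < len) {`, only establishes that the single byte at buf[index] is in range, and this hunk carries it forward unchanged. Since the function is being refactored anyway, tighten the guard in this patch so that both the attribute header and the attr_len payload that follows it are shown to fit inside len before the entry is read. The new early return on `sta_ch == WILC_INVALID_CHANNEL` would also benefit from a one-line comment saying why nothing needs to be done in that case.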
> 
> This range checking was there in the original code, but it's not
> correct.  index and len are in terms of bytes so we know that we can
> read one byte from &buf[index] but we are reading a wilc_attr_entry
> struct which is larger than a type.  The struct is actually flexibly
> sized so this should be something like:
> 
>         while (index + sizeof(struct wilc_attr_entry) <= len) {
>                 e = (struct wilc_attr_entry *)&buf[index];
>                 if (index + sizeof(struct wilc_attr_entry) +
>                     le16_to_cpu(e->attr_len) > len)
>                         break;
> 

Agree. I will correct the 'while' loop condition and submit the v2 patch
series.

Regards,
Ajay
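
The bounds check discussed in this thread, worked through as a stand-alone user-space example (added here, not code from the driver or from either poster). The 3-byte header layout, `count_attrs()`, `attr_len_le16()` and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not taken from the driver): 1-byte type, 2-byte
 * little-endian length, then attr_len bytes of payload. */
#define ATTR_HDR_LEN 3u

/* Byte-wise read: no alignment or host-endianness dependence. */
static uint16_t attr_len_le16(const uint8_t *hdr)
{
	return (uint16_t)(hdr[1] | (hdr[2] << 8));
}

/* Count the attributes that lie completely inside buf[0..len).
 * *consumed is the offset where the walk stopped; *consumed != len
 * means trailing bytes or a truncated attribute. */
static int count_attrs(const uint8_t *buf, size_t len, size_t *consumed)
{
	size_t index = 0;
	int count = 0;

	/* Written as subtractions so index + size can never wrap. */
	while (len - index >= ATTR_HDR_LEN) {
		size_t attr_len = attr_len_le16(&buf[index]);

		/* Header fits; now require the whole payload to fit too. */
		if (attr_len > len - index - ATTR_HDR_LEN)
			break;

		count++;
		index += ATTR_HDR_LEN + attr_len;
	}
	*consumed = index;
	return count;
}

/* Constructed sample: {type 0x0b, len 2} then {type 0x11, len 1}. */
static const uint8_t sample[] = {
	0x0b, 0x02, 0x00, 0xaa, 0xbb,
	0x11, 0x01, 0x00, 0xcc,
};

int main(void)
{
	size_t used;
	int n = count_attrs(sample, sizeof(sample) - 1, &used);
	printf("truncated input: %d complete attr(s), stopped at %zu\n", n, used);
	return 0;
}
```

With a guard of `index < len` alone, the truncated input in `main()` would still have its second header and payload read past the end of the buffer.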