On Thu, Apr 17, 2014 at 11:50:13AM +0200, Jes Sorensen wrote:
> > Old smatch warnings:
> > drivers/staging/rtl8723au/core/rtw_mlme_ext.c:4362
> > collect_bss_info23a() error: __builtin_memcpy() 'bssid->IEs' too small
> > (768 vs u32max)
> > drivers/staging/rtl8723au/core/rtw_mlme_ext.c:4860 process_80211d()
> > error: testing array offset 'i' after use.
>
> We already have a check in place here - do I need to make the
> if (length > MAX_IE_SZ) check for length < 0 to make this warning go
> away?

Yeah. Sorry about this false positive. I eventually want Smatch to be able to parse this sort of code correctly, but it's pretty tricky logic. I don't normally encourage people to hack around faulty tools but if you wanted to then the patch would look like this.

regards,
dan carpenter

diff --git a/drivers/staging/rtl8723au/core/rtw_mlme_ext.c b/drivers/staging/rtl8723au/core/rtw_mlme_ext.c index 68991dc..dfad657 100644 --- a/drivers/staging/rtl8723au/core/rtw_mlme_ext.c +++ b/drivers/staging/rtl8723au/core/rtw_mlme_ext.c @@ -4902,7 +4902,7 @@ static void process_80211d(struct rtw_adapter *padapter, i = j = k = 0; if (pregistrypriv->wireless_mode & WIRELESS_11G) { do { - if (i == MAX_CHANNEL_NUM || + if (i >= MAX_CHANNEL_NUM || chplan_sta[i].ChannelNum == 0 || chplan_sta[i].ChannelNum > 14) break; @@ -4975,7 +4975,7 @@ static void process_80211d(struct rtw_adapter *padapter, if (pregistrypriv->wireless_mode & WIRELESS_11A) { do { - if (i == MAX_CHANNEL_NUM || + if (i >= MAX_CHANNEL_NUM || chplan_sta[i].ChannelNum == 0) break;
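Review bot: the patch carries no changelog or Signed-off-by, and the first hunk (the WIRELESS_11G loop in process_80211d()) needs one to explain why `i == MAX_CHANNEL_NUM` becomes `i >= MAX_CHANNEL_NUM`. With `i = j = k = 0;` in the context just above, and assuming `i` only counts upward in the loop body, both forms stop at the same index, so this is a change to make the bound explicit for Smatch rather than a fix for an overrun. Please say so in the commit message so it is not later mistaken for a bug fix that needs backporting.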
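Review bot: in the second hunk (the WIRELESS_11A loop) nothing between `if (pregistrypriv->wireless_mode & WIRELESS_11A) {` and `do {` resets `i`, so this loop starts from whatever value `i` already holds. That makes the ordering of the condition matter: `i >= MAX_CHANNEL_NUM` has to stay ahead of `chplan_sta[i].ChannelNum == 0` so the short-circuit prevents the array read when `i` is already at the limit, and `>=` is the safer test here than `==`. If the carried-over index is intentional, a one-line comment above the loop saying so would stop a later cleanup from reordering the tests or reinitialising `i`.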