Hello Jes Sorensen,
The patch 072fc84dce06: "staging: rtl8723au: tid is 4 bits, so we
need a 16 bit value to hold a bitmap" from May 9, 2014, leads to the
following static checker warning:
drivers/staging/rtl8723au/core/rtw_xmit.c:964 rtw_make_wlanhdr()
error: testing array offset 'pattrib->priority' after use.
drivers/staging/rtl8723au/core/rtw_xmit.c
954 /* Update Seq Num will be handled by f/w */
955 if (psta) {
956 psta->sta_xmitpriv.txseq_tid[pattrib->priority]++;
^^^^^^^^^^^^^^^^^^
If ->priority == 16 then we are corrupting memory.
957 psta->sta_xmitpriv.txseq_tid[pattrib->priority] &= 0xFFF;
958 pattrib->seqnum = psta->sta_xmitpriv.txseq_tid[pattrib->priority];
959 /* We dont need to worry about frag bits here */
960 pwlanhdr->seq_ctrl = cpu_to_le16(IEEE80211_SN_TO_SEQ(
961 pattrib->seqnum));
962 /* check if enable ampdu */
963 if (pattrib->ht_en && psta->htpriv.ampdu_enable) {
964 if (pattrib->priority >= 16)
^^^^^^^^^^^^^^^^^^^^^^^
This check is too late.
965 printk(KERN_WARNING "%s: Invalid "
966 "pattrib->priority %i\n",
967 __func__, pattrib->priority);
968 if (psta->htpriv.agg_enable_bitmap &
969 BIT(pattrib->priority))
970 pattrib->ampdu_en = true;
971 }
regards,
dan carpenter
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
