Thus wrote Dan Carpenter (error27@xxxxxxxxx): > On Sun, Nov 06, 2022 at 06:04:53PM +0100, Martin Kaiser wrote: > > Define a struct ieee80211_qos_hdr in the validate_recv_data_frame > > function. Use this struct to replace some numeric offsets and make the > > code easier to understand. > > Signed-off-by: Martin Kaiser <martin@xxxxxxxxx> > > --- > > drivers/staging/r8188eu/core/rtw_recv.c | 9 +++++---- > > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/drivers/staging/r8188eu/core/rtw_recv.c b/drivers/staging/r8188eu/core/rtw_recv.c > > index cb0f35d7ab98..245b931c483d 100644 > > --- a/drivers/staging/r8188eu/core/rtw_recv.c > > +++ b/drivers/staging/r8188eu/core/rtw_recv.c > > @@ -1032,7 +1032,6 @@ static int validate_recv_data_frame(struct adapter *adapter, > > struct recv_frame *precv_frame) > > { > > struct sta_info *psta = NULL; > > - u8 *ptr = precv_frame->rx_data; > > struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)precv_frame->rx_data; > > struct rx_pkt_attrib *pattrib = &precv_frame->attrib; > > struct security_priv *psecuritypriv = &adapter->securitypriv; 
> > @@ -1071,10 +1070,12 @@ static int validate_recv_data_frame(struct adapter *adapter, > > pattrib->ack_policy = 0; > > /* parsing QC field */ > > if (pattrib->qos) { > > + struct ieee80211_qos_hdr *qos_hdr = (struct ieee80211_qos_hdr *)hdr; > > + > > pattrib->priority = ieee80211_get_tid(hdr); > > - pattrib->ack_policy = GetAckpolicy((ptr + 24)); > > - pattrib->amsdu = GetAMsdu((ptr + 24)); > > - pattrib->hdrlen = 26; > ^^^ > > + pattrib->ack_policy = GetAckpolicy(&qos_hdr->qos_ctrl); > > + pattrib->amsdu = GetAMsdu(&qos_hdr->qos_ctrl); > > + pattrib->hdrlen += sizeof(*qos_hdr); > ^^^^ > Why did this change from "=" to "+="? Thanks a lot for spotting this, Dan! I tried a couple of versions, some of which used +=. For the one I submitted, this is wrong, of course. All of pattrib is initialised to 0 in update_recvframe_attrib_88e and pattrib->hdrlen is not updated until the assignment above. That's why the += still works and testing didn't show the problem. v2 is on the way... Thanks again, Martin
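Review bot: in the second hunk, `pattrib->hdrlen += sizeof(*qos_hdr);` should be `pattrib->hdrlen = sizeof(*qos_hdr);` so that it matches the removed `pattrib->hdrlen = 26;`. struct ieee80211_qos_hdr is 26 bytes (the 24-byte three-address header plus the 2-byte qos_ctrl), so the resulting value is the same, but `+=` only yields 26 because pattrib was zeroed earlier in update_recvframe_attrib_88e; any later change that sets hdrlen before this point would silently double the header length, and since hdrlen is what locates the payload, that is the kind of off-by-header bug that testing on a zeroed struct will not expose. Separately, no length check against sizeof(struct ieee80211_qos_hdr) is visible in this hunk before qos_hdr->qos_ctrl is read; the old `ptr + 24` read had the same exposure, so this is not a regression, but it is worth confirming the caller has already validated the frame length.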