From: Eyal Shapira <eyal@xxxxxxxxxx>
Discovered by klocwork
Array 'iwl_rate_mcs' of size 15 may use index value(s) -1
* rs.c:2562: index = iwl_hwrate_to_plcp_idx(rate)
* rs.c:2562: Result of function call 'iwl_hwrate_to_plcp_idx(rate)' is '[-1,14]'
* rs.c:2565: Array 'iwl_rate_mcs' size is 15.
* rs.c:2565: Possible attempt to access element -1 of array 'iwl_rate_mcs'.
While at it stop using index = -1 and always use IWL_RATE_INVALID
Signed-off-by: Eyal Shapira <eyalx.shapira@xxxxxxxxx>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
---
drivers/net/wireless/iwlwifi/mvm/rs.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/iwlwifi/mvm/rs.c b/drivers/net/wireless/iwlwifi/mvm/rs.c
index 54887b9..c4f214d 100644
--- a/drivers/net/wireless/iwlwifi/mvm/rs.c
+++ b/drivers/net/wireless/iwlwifi/mvm/rs.c
@@ -357,7 +357,7 @@ static int iwl_hwrate_to_plcp_idx(u32 rate_n_flags)
return idx;
}
- return -1;
+ return IWL_RATE_INVALID;
}
static void rs_rate_scale_perform(struct iwl_mvm *mvm,
@@ -703,10 +703,8 @@ static int rs_rate_from_ucode_rate(const u32 ucode_rate,
memset(rate, 0, sizeof(*rate));
rate->index = iwl_hwrate_to_plcp_idx(ucode_rate);
- if (rate->index == IWL_RATE_INVALID) {
- rate->index = -1;
+ if (rate->index == IWL_RATE_INVALID)
return -EINVAL;
- }
rate->ant = (ant_msk >> RATE_MCS_ANT_POS);
@@ -2562,7 +2560,9 @@ static int rs_pretty_print_rate(char *buf, const u32 rate)
int index = iwl_hwrate_to_plcp_idx(rate);
return sprintf(buf, "Legacy | ANT: %s Rate: %s Mbps\n",
- rs_pretty_ant(ant), iwl_rate_mcs[index].mbps);
+ rs_pretty_ant(ant),
+ index == IWL_RATE_INVALID ? "BAD" :
+ iwl_rate_mcs[index].mbps);
}
if (rate & RATE_MCS_VHT_MSK) {
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
