Hello, I've written a new kind of Smatch check that generates this warning: drivers/net/wireless/ipw2x00/libipw_rx.c:1303 libipw_parse_info_param() warn: potentially allocating too little. drivers/net/wireless/ipw2x00/libipw_rx.c 1300 case WLAN_EID_IBSS_DFS: 1301 if (network->ibss_dfs) 1302 break; 1303 network->ibss_dfs = kmemdup(info_element->data, 1304 info_element->len, The problem is that smatch marks "info_element->len" as untrusted data because it comes from skb->data. "network->ibss_dfs" is a 9 character struct. We're not necessarily allocating enough space for that. So far as I can see this is harmless because we never use ->ibss_dfs and we should just delete it along with all the related code? 1305 GFP_ATOMIC); 1306 if (!network->ibss_dfs) 1307 return 1; 1308 network->flags |= NETWORK_HAS_IBSS_DFS; 1309 break; regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
