Am 17.03.2017 00:21, schrieb Colin King: > From: Colin Ian King <colin.king@xxxxxxxxxxxxx> > > The pmkid data is meant be be copied to the previous item in the > pmkidlist, however the code is just copying the data to itself because > the src index into pmkidlist is the same as the dst index into pmkidlist. > Fix this with i + 1 instead of i. > > Detected by CoverityScan,CID#13339465 ("Overlapping buffer in memory copy") > > Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx> > --- > drivers/staging/wilc1000/wilc_wfi_cfgoperations.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c > index a37896f..4034f40 100644 > --- a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c > +++ b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c > @@ -1346,7 +1346,7 @@ static int del_pmksa(struct wiphy *wiphy, struct net_device *netdev, > priv->pmkid_list.pmkidlist[i + 1].bssid, > ETH_ALEN); > memcpy(priv->pmkid_list.pmkidlist[i].pmkid, > - priv->pmkid_list.pmkidlist[i].pmkid, > + priv->pmkid_list.pmkidlist[i + 1].pmkid, > PMKID_LEN); > } > priv->pmkid_list.numpmkid--; perhaps we can also simplify the error handling: that would reduce the indentlevel by one and effectivly remove the s32Error variable. if (i >= priv->pmkid_list.numpmkid || priv->pmkid_list.numpmkid <= 0) return -EINVAL; just my 2 cents. re, wh