On 07-07-17 12:19, Dan Carpenter wrote:
> Speaking of underflows:
>
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> 4913      if (ieee80211_is_probe_resp(mgmt->frame_control)) {
> 4914          /* Right now the only reason to get a probe response */
> 4915          /* is for p2p listen response or for p2p GO from */
> 4916          /* wpa_supplicant. Unfortunately the probe is send */
> 4917          /* on primary ndev, while dongle wants it on the p2p */
> 4918          /* vif. Since this is only reason for a probe */
> 4919          /* response to be sent, the vif is taken from cfg. */
> 4920          /* If ever desired to send proberesp for non p2p */
> 4921          /* response then data should be checked for */
> 4922          /* "DIRECT-". Note in future supplicant will take */
> 4923          /* dedicated p2p wdev to do this and then this 'hack'*/
> 4924          /* is not needed anymore. */
> 4925          ie_offset = DOT11_MGMT_HDR_LEN +
> 4926                      DOT11_BCN_PRB_FIXED_LEN;
> 4927          ie_len = len - ie_offset;
>                        ^^^^^^^^^^^^^^^
> This can underflow. It's harmless, but it's annoying for me as a static
> checker person because this is the line where I'd like to print a
> warning but everyone will complain it's a "false positive".

Feel free to provide such a patch.

Regards,
Arend
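
The subtraction flagged in the quoted lines, shown beside a length-checked form, as an added example that is not part of this e-mail or of the brcmfmac driver. The helper names, the `size_t` types and the numeric values of the two `DOT11_*` constants are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this example; the e-mail does not state them. */
#define DOT11_MGMT_HDR_LEN      24
#define DOT11_BCN_PRB_FIXED_LEN 12

/* Unchecked form, mirroring the quoted lines: when len is smaller than
 * ie_offset the unsigned result wraps to a huge value. (With a signed
 * ie_len it would instead go negative.) */
static size_t ie_len_unchecked(size_t len)
{
    size_t ie_offset = DOT11_MGMT_HDR_LEN + DOT11_BCN_PRB_FIXED_LEN;

    return len - ie_offset;
}

/* Checked form (hypothetical helper): refuse frames too short to hold
 * the management header plus the fixed probe-response fields.
 * Returns 0 and stores the IE length on success, -1 on a short frame. */
static int ie_len_checked(size_t len, size_t *ie_len)
{
    const size_t ie_offset = DOT11_MGMT_HDR_LEN + DOT11_BCN_PRB_FIXED_LEN;

    if (len < ie_offset)
        return -1;
    *ie_len = len - ie_offset;
    return 0;
}

int main(void)
{
    /* Constructed frame lengths: two short frames, the boundary, a normal one. */
    const size_t lens[] = { 10, 35, 36, 100 };

    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
        size_t ie_len = 0;
        int rc = ie_len_checked(lens[i], &ie_len);

        printf("len=%zu unchecked=%zu checked=%s ie_len=%zu\n",
               lens[i], ie_len_unchecked(lens[i]),
               rc ? "rejected" : "ok", ie_len);
    }
    return 0;
}
```

With the explicit `len < ie_offset` test in place, a static checker has nothing left to warn about on the subtraction line.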