On Mon, Dec 02, 2019 at 03:16:35PM -0800, Brian Norris wrote:
> A bit late, but a few readability and maintainability thoughts:
>
> On Fri, Nov 29, 2019 at 2:12 AM qize wang <wangqize888888888@xxxxxxxxx> wrote:
> >
> > mwifiex_process_tdls_action_frame() without checking
> > the incoming tdls information element's validity before use it,
> > this may cause multi heap buffer overflows.
> >
> > Fix them by putting validity check before use it.
> >
> > IE is TLV struct, but ht_cap and ht_oper aren’t TLV struct.
> > the origin marvell driver code is wrong:
> >
> > memcpy(&sta_ptr->tdls_cap.ht_oper, pos,....
> > memcpy((u8 *)&sta_ptr->tdls_cap.ht_capb, pos,...
> >
> > Fix the bug by changing pos(the address of IE) to
> > pos+2 ( the address of IE value ).
> >
> > v3: change commit log
> >
>
> Would have been great to have a
>
> Cc: <stable@xxxxxxxxxxxxxxx>
>
> tag here. I'm not sure if "just have GregKH on CC" is the right process...

Not at all :)
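
The two points in the quoted commit message (validate the element length before use, and copy from `pos + 2` rather than `pos`), as an added C example that is not the mwifiex driver code and not part of this thread. `parse_ht_cap`, `struct ht_cap_body` and the sample buffers are hypothetical and constructed; 45 and 26 are the 802.11 HT Capabilities element ID and body length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_HDR_LEN 2   /* 1-byte element ID + 1-byte length */
#define EID_HT_CAP 45  /* 802.11 HT Capabilities element ID */
#define HT_CAP_LEN 26  /* fixed body size of that element */

/* Hypothetical destination: holds the element body only, no TLV header. */
struct ht_cap_body { uint8_t bytes[HT_CAP_LEN]; };

/* Returns 0 if an HT Capabilities body was copied, 1 if the buffer is
 * well formed but has no such element, -1 if anything is malformed. */
int parse_ht_cap(const uint8_t *buf, size_t len, struct ht_cap_body *out)
{
    const uint8_t *pos = buf;
    size_t left = len;
    int ret = 1;

    while (left > 0) {
        if (left < IE_HDR_LEN)
            return -1;                      /* truncated header */
        size_t ie_len = pos[1];
        if (ie_len > left - IE_HDR_LEN)
            return -1;                      /* body runs past the frame */
        if (pos[0] == EID_HT_CAP) {
            if (ie_len != sizeof(*out))
                return -1;                  /* wrong size for a fixed struct */
            /* pos is the IE header; the value starts at pos + 2 */
            memcpy(out, pos + IE_HDR_LEN, sizeof(*out));
            ret = 0;
        }
        pos += IE_HDR_LEN + ie_len;
        left -= IE_HDR_LEN + ie_len;
    }
    return ret;
}

/* Constructed samples: a 2-byte element (ID 0) followed by an HT cap whose
 * body starts with 0xAA; an HT cap cut short; an HT cap with length 4. */
static const uint8_t good[4 + IE_HDR_LEN + HT_CAP_LEN] =
    { 0, 2, 'a', 'b', EID_HT_CAP, HT_CAP_LEN, 0xAA };
static const uint8_t truncated[] = { EID_HT_CAP, HT_CAP_LEN, 0xAA, 0xBB };
static const uint8_t wrong_size[] = { EID_HT_CAP, 4, 1, 2, 3, 4 };
static struct ht_cap_body demo_out;

int main(void)
{
    printf("%d ", parse_ht_cap(good, sizeof(good), &demo_out));
    printf("%d ", parse_ht_cap(truncated, sizeof(truncated), &demo_out));
    printf("%d\n", parse_ht_cap(wrong_size, sizeof(wrong_size), &demo_out));
    return 0;
}
```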