Hi Dan, On 11/02/20 12:21 pm, Dan Carpenter wrote: > EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe > > On Mon, Feb 10, 2020 at 06:36:01PM +0000, Ajay.Kathat@xxxxxxxxxxxxx wrote: >> + if (sta_ch == WILC_INVALID_CHANNEL) >> + return; >> >> while (index < len) { > > This range checking was there in the original code, but it's not > correct. index and len are in terms of bytes so we know that we can > read one byte from &buf[index] but we are reading a wilc_attr_entry > struct which is larger than a type. The struct is actually flexibly > sized so this should be something like: > > while (index + sizeof(struct wilc_attr_entry) <= len) { > e = (struct wilc_attr_entry *)&buf[index]; > if (index + sizeof(struct wilc_attr_entry) + > le16_to_cpu(e->attr_len) > len) > break; > Agree. I will correct the 'while' loop condition and submit the v2 patch series. Regards, Ajay