caps_buf is always of size sizeof(*caps) because sizeof(caps->auth_encr_pair) * 16 is always zero. Notice that when using zero-length arrays, sizeof evaluates to zero[1]. So, the code introduced by commit 0308383f9591 ("rndis_wlan: get max_num_pmkids from device") is logically dead, hence is never executed and can be removed. As a consequence, the rest of the related code can be refactored a bit. Notice that this code has been out there since March 2010.
[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
Signed-off-by: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx>
---
In case this is actually a 10-year old bug, then we might want calculate the size of caps_buf through the use of the struct_size helper: struct_size(caps, auth_encr_pair, 16); and we might also want to allocate dynamic memory instead, as we cannot do u8 caps_buf[struct_size(caps, auth_encr_pair, 16)]; due to -Wvla. Thanks -- Gustavo
 drivers/net/wireless/rndis_wlan.c | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
index 52375f3e430a..8852a1832951 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
@@ -312,17 +312,11 @@ struct ndis_80211_assoc_info {
 __le32 offset_resp_ies;
 } __packed;
 
-struct ndis_80211_auth_encr_pair {
- __le32 auth_mode;
- __le32 encr_mode;
-} __packed;
-
 struct ndis_80211_capability {
 __le32 length;
 __le32 version;
 __le32 num_pmkids;
 __le32 num_auth_encr_pair;
- struct ndis_80211_auth_encr_pair auth_encr_pair[0];
 } __packed;
 
 struct ndis_80211_bssid_info {
@@ -3109,8 +3103,7 @@ static int rndis_wlan_get_caps(struct usbnet *usbdev, struct wiphy *wiphy)
 __le32 num_items;
 __le32 items[8];
 } networks_supported;
- struct ndis_80211_capability *caps;
- u8 caps_buf[sizeof(*caps) + sizeof(caps->auth_encr_pair) * 16];
+ struct ndis_80211_capability caps;
 int len, retval, i, n;
 struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
 
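Review bot: `caps` is now a bare stack struct with no initialiser, and the later hunk at -3140 reads `caps.length`, `caps.num_pmkids` and the other fields as soon as `retval >= 0`, without looking at the `len` it passed by pointer. If rndis_query_oid can report success for a reply shorter than `sizeof(caps)` (its body is not shown here, so this needs checking), those reads return leftover stack bytes, which then reach the debug log and `wiphy->max_num_pmkids`. Declaring it as `struct ndis_80211_capability caps = {};` and testing `if (retval >= 0 && len >= (int)sizeof(caps))` in the later hunk would make a short reply from the USB device harmless. rndis_wlan_get_caps starts before and continues after this hunk.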
@@ -3140,19 +3133,18 @@ static int rndis_wlan_get_caps(struct usbnet *usbdev, struct wiphy *wiphy)
 }
 
 /* get device 802.11 capabilities, number of PMKIDs */
- caps = (struct ndis_80211_capability *)caps_buf;
- len = sizeof(caps_buf);
+ len = sizeof(caps);
 retval = rndis_query_oid(usbdev,
 RNDIS_OID_802_11_CAPABILITY,
- caps, &len);
+ &caps, &len);
 if (retval >= 0) {
 netdev_dbg(usbdev->net, "RNDIS_OID_802_11_CAPABILITY -> len %d, "
 "ver %d, pmkids %d, auth-encr-pairs %d\n",
- le32_to_cpu(caps->length),
- le32_to_cpu(caps->version),
- le32_to_cpu(caps->num_pmkids),
- le32_to_cpu(caps->num_auth_encr_pair));
- wiphy->max_num_pmkids = le32_to_cpu(caps->num_pmkids);
+ le32_to_cpu(caps.length),
+ le32_to_cpu(caps.version),
+ le32_to_cpu(caps.num_pmkids),
+ le32_to_cpu(caps.num_auth_encr_pair));
+ wiphy->max_num_pmkids = le32_to_cpu(caps.num_pmkids);
 } else
 wiphy->max_num_pmkids = 0;
 
-- 
2.26.2
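Review bot: `wiphy->max_num_pmkids = le32_to_cpu(caps.num_pmkids);` stores a 32-bit count supplied by the device with no upper bound. The type of `max_num_pmkids` is not visible in this hunk; if it is narrower than 32 bits (as far as I know it is a `u8` in struct wiphy), a large reported value is silently truncated, so a device reporting 256 would end up advertising 0. Clamping it, `wiphy->max_num_pmkids = min_t(u32, le32_to_cpu(caps.num_pmkids), U8_MAX);`, keeps the advertised limit sensible for any device reply. The function body continues outside the hunk.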