Hi Arik,
Smatch complains about c47e8229fa56 "wl12xx: support up to 8 stations
in AP-mode"
drivers/net/wireless/wl12xx/main.c +832 wl12xx_irq_update_links_status(22)
error: buffer overflow 'status->tx_lnk_free_pkts' 8 <= 10
828 for (hlid = WL1271_AP_STA_HLID_START; hlid < AP_MAX_LINKS; hlid++) {
^^^^^^^^^^^^
We increased this to 11.
829 if (!wl1271_is_active_sta(wl, hlid))
830 continue;
831
832 cnt = status->tx_lnk_free_pkts[hlid] -
^^^^^^^^^^^^^^^^^^^^^^
But the ->tx_lnk_free_pkts[] array still only has 8 elements so we're
reading past the end of the array.
833 wl->links[hlid].prev_freed_pkts;
834
835 wl->links[hlid].prev_freed_pkts =
836 status->tx_lnk_free_pkts[hlid];
837 wl->links[hlid].allocated_pkts -= cnt;
838
839 wl12xx_irq_ps_regulate_link(wl, hlid,
840 wl->links[hlid].allocated_pkts);
841 }
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
