Search Linux Wireless

Re: prism54 bug...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2011/11/26 David Miller <davem@xxxxxxxxxxxxx>:
>
> Someone please look into this.
>
> In prism2_ioctl_scan_req() gcc generates a warning:
>
> drivers/net/wireless/prism54/isl_ioctl.c: In function ‘prism2_ioctl_scan_req’:
> drivers/net/wireless/prism54/isl_ioctl.c:2733:14: warning: array subscript is above array bounds [-Warray-bounds]
>
> it's a pretty serious issue, it's about the call to:
>
>                current_ev = prism54_translate_bss(ndev, &info, current_ev,
>                                                   extra + IW_SCAN_MAX_DATA,
>                                                   &(bsslist->bsslist[i]),
>                                                   noise);
>
> it's not the bsslist->bsslist[i] thing, that's fine.
>
> It's "extra + IW_SCAN_MAX_DATA".
>
>        char *extra = "";
>        char *current_ev = "foo";
>
> and IW_SCAN_MAX_DATA is 4096.  Effectively these calls crap IW entries
> into random pieces of memory as far as I can tell.
>
> We either need to figure out where this ioctl interface expects the
> response to go, or remove the ioctl and this code entirely since it's
> obviously not being used.

I'm going to kill all this shit. Thanks for the report.

  Luis
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux