2011/11/26 David Miller <davem@xxxxxxxxxxxxx>: > > Someone please look into this. > > In prism2_ioctl_scan_req() gcc generates a warning: > > drivers/net/wireless/prism54/isl_ioctl.c: In function ‘prism2_ioctl_scan_req’: > drivers/net/wireless/prism54/isl_ioctl.c:2733:14: warning: array subscript is above array bounds [-Warray-bounds] > > it's a pretty serious issue, it's about the call to: > > current_ev = prism54_translate_bss(ndev, &info, current_ev, > extra + IW_SCAN_MAX_DATA, > &(bsslist->bsslist[i]), > noise); > > it's not the bsslist->bsslist[i] thing, that's fine. > > It's "extra + IW_SCAN_MAX_DATA". > > char *extra = ""; > char *current_ev = "foo"; > > and IW_SCAN_MAX_DATA is 4096. Effectively these calls crap IW entries > into random pieces of memory as far as I can tell. > > We either need to figure out where this ioctl interface expects the > response to go, or remove the ioctl and this code entirely since it's > obviously not being used. I'm going to kill all this shit. Thanks for the report. Luis -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
