
RE: NFC: Set local general bytes in nci_start_poll


Hi Dan,

Sorry for the late response, I was on vacation. 

> Hello Ilan Elias,
> 
> The patch 7e0352306f68: "NFC: Set local general bytes in 
> nci_start_poll" from Aug 15, 2012, leads to the following warning:
> net/nfc/nci/core.c:427 nci_set_local_general_bytes()
> 	 error: buffer overflow 'local_gb' 48 <= 250
> 
>    416          __u8 local_gb[NFC_MAX_GT_LEN];
>                               ^^^^^^^^^^^^^^
> 48 elements.
> 
>    417          int i, rc = 0;
>    418  
>    419          param.val = nfc_get_local_general_bytes(nfc_dev, &param.len);
>    420          if ((param.val == NULL) || (param.len == 0))
>    421                  return rc;
>    422  
>    423          if (param.len > NCI_MAX_PARAM_LEN)
>                                 ^^^^^^^^^^^^^^^^^
> Capped at 250.  Probably NFC_MAX_GT_LEN was intended?
> 
>    424                  return -EINVAL;
>    425  
>    426          for (i = 0; i < param.len; i++)
>    427                  local_gb[param.len-1-i] = param.val[i];
>                                  ^^^^^^^^^^^^^
> Writing to the 250th element.
> 
> This is just a sanity check and nfc_get_local_general_bytes() will only
> return NFC_MAX_GT_LEN max because of the check in nfc_llcp_build_gb().

You're right.
I see now that Szymon Janc already sent a patch for this a few days ago.

Thanks & BR,
Ilan
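
The mismatch discussed in this thread, as an added stand-alone example (not the kernel source and not the patch mentioned above): the quoted check caps the length at NCI_MAX_PARAM_LEN (250) while the destination holds NFC_MAX_GT_LEN (48) elements, so the bounded version compares against the destination's own size. The helper names quoted_check and reverse_bounded are hypothetical, and the input buffer is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Sizes as reported in the quoted warning. */
#define NFC_MAX_GT_LEN    48   /* elements in local_gb */
#define NCI_MAX_PARAM_LEN 250  /* cap applied at line 423 */

/* The length check as quoted: it compares against the NCI parameter
 * limit, not against the buffer that line 427 writes into. */
static int quoted_check(size_t len)
{
	return (len > NCI_MAX_PARAM_LEN) ? -EINVAL : 0;
}

/* Hypothetical helper: reverse src into dst, with len bounded by the
 * destination's real size. Returns 0 on success, -EINVAL if too long. */
static int reverse_bounded(unsigned char *dst, size_t dst_size,
			   const unsigned char *src, size_t len)
{
	size_t i;

	if (src == NULL || len == 0)
		return 0;	/* nothing to copy, as in the quoted code */
	if (len > dst_size)
		return -EINVAL;
	for (i = 0; i < len; i++)
		dst[len - 1 - i] = src[i];
	return 0;
}

int main(void)
{
	/* Constructed input: 250 bytes, the most the quoted check allows. */
	unsigned char val[NCI_MAX_PARAM_LEN] = { 0 };
	unsigned char local_gb[NFC_MAX_GT_LEN];
	size_t lens[] = { 48, 49, 250, 251 };
	size_t i;

	for (i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
		printf("len=%zu quoted=%d bounded=%d\n", lens[i],
		       quoted_check(lens[i]),
		       reverse_bounded(local_gb, sizeof(local_gb), val, lens[i]));
	return 0;
}
```

Lengths 49 through 250 are the ones the quoted check accepts but the 48-element buffer cannot hold.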
