Patch "wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()" has been added to the 5.4-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     wifi-mwifiex-fix-the-size-of-a-memory-allocation-in-.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 1085d36afdf3f8cf7e74b83e56c317c600b0b3ac
Author: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
Date:   Sat May 6 15:53:15 2023 +0200

    wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
    
    [ Upstream commit d9aef04fcfa81ee4fb2804a21a3712b7bbd936af ]
    
    The type of "mwifiex_adapter->nd_info" is "struct cfg80211_wowlan_nd_info",
    not "struct cfg80211_wowlan_nd_match".
    
    Use struct_size() to ease the computation of the needed size.
    
    The current code over-allocates some memory, so is safe.
    But it wastes 32 bytes.
    
    Fixes: 7d7f07d8c5d3 ("mwifiex: add wowlan net-detect support")
    Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
    Reviewed-by: Simon Horman <simon.horman@xxxxxxxxxxxx>
    Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/7a6074fb056d2181e058a3cc6048d8155c20aec7.1683371982.git.christophe.jaillet@xxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c
index 629af26675cf1..1ab04adc53dcd 100644
--- a/drivers/net/wireless/marvell/mwifiex/scan.c
+++ b/drivers/net/wireless/marvell/mwifiex/scan.c
@@ -2202,9 +2202,9 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv,
 
 	if (nd_config) {
 		adapter->nd_info =
-			kzalloc(sizeof(struct cfg80211_wowlan_nd_match) +
-				sizeof(struct cfg80211_wowlan_nd_match *) *
-				scan_rsp->number_of_sets, GFP_ATOMIC);
+			kzalloc(struct_size(adapter->nd_info, matches,
+					    scan_rsp->number_of_sets),
+				GFP_ATOMIC);
 
 		if (adapter->nd_info)
 			adapter->nd_info->n_matches = scan_rsp->number_of_sets;



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux