On Sat, 2018-10-13 at 09:46 +0300, Luca Coelho wrote:
> From: Luca Coelho <luciano.coelho@xxxxxxxxx>
>
> The rs_rate_from_ucode_rate() function may return -EINVAL if the rate
> is invalid, but none of the callsites check for the error, potentially
> making us access arrays with index IWL_RATE_INVALID, which is larger
> than the arrays, causing an out-of-bounds access. This will trigger
> KASAN warnings, such as the one reported in the bugzilla issue
> mentioned below.
>
> This fixes https://bugzilla.kernel.org/show_bug.cgi?id=200659
>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Luca Coelho <luciano.coelho@xxxxxxxxx>
> ---

Kalle,

Just for the record, as we discussed on IRC, please take this patch
directly to wireless-drivers-next for 4.20 so I don't need to send a
pull-req just for it.

--
Cheers,
Luca.
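The failure mode the commit message describes, as an added example that is not the driver's code and not part of the original mail: a simplified C model in which a decoder returns -EINVAL and leaves an out-of-range index behind, with an unchecked caller beside a checked one. All names, the table and the rate codes are constructed stand-ins, not the iwlwifi definitions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins: the "invalid" marker equals the table size. */
enum { RATE_1M, RATE_2M, RATE_5M, RATE_11M, RATE_COUNT, RATE_INVALID = RATE_COUNT };

struct rate_info { int index; };

/* Tables sized RATE_COUNT, so RATE_INVALID is one past the last element. */
static const int rate_kbps[RATE_COUNT] = { 1000, 2000, 5500, 11000 };
static const uint8_t hw_code[RATE_COUNT] = { 10, 20, 55, 110 }; /* constructed */

/* Decoder: on unknown input, index stays RATE_INVALID and -EINVAL is returned. */
int rate_from_hw_rate(uint32_t hw_rate, struct rate_info *rate)
{
    rate->index = RATE_INVALID;
    for (int i = 0; i < RATE_COUNT; i++)
        if (hw_code[i] == (hw_rate & 0xff))
            rate->index = i;
    return rate->index == RATE_INVALID ? -EINVAL : 0;
}

/* Before: the return value is ignored, so a bad rate indexes past the table. */
int kbps_unchecked(uint32_t hw_rate)
{
    struct rate_info rate;
    rate_from_hw_rate(hw_rate, &rate);
    return rate_kbps[rate.index]; /* out-of-bounds read if index == RATE_INVALID */
}

/* After: the error is propagated before the index is ever used. */
int kbps_checked(uint32_t hw_rate, int *kbps)
{
    struct rate_info rate;
    int ret = rate_from_hw_rate(hw_rate, &rate);
    if (ret)
        return ret;
    *kbps = rate_kbps[rate.index];
    return 0;
}

int main(void)
{
    int kbps = 0;
    printf("valid:   ret=%d kbps=%d\n", kbps_checked(55, &kbps), kbps);
    printf("invalid: ret=%d\n", kbps_checked(0x1ff, &kbps));
    return 0;
}
```

Building the model with `-fsanitize=address` and calling `kbps_unchecked()` with an unknown code is the user-space analogue of the KASAN report mentioned in the mail.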