Luca Coelho <luca@xxxxxxxxx> wrote: > From: Luca Coelho <luciano.coelho@xxxxxxxxx> > > The rs_rate_from_ucode_rate() function may return -EINVAL if the rate > is invalid, but none of the callsites check for the error, potentially > making us access arrays with index IWL_RATE_INVALID, which is larger > than the arrays, causing an out-of-bounds access. This will trigger > KASAN warnings, such as the one reported in the bugzilla issue > mentioned below. > > This fixes https://bugzilla.kernel.org/show_bug.cgi?id=200659 > > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Luca Coelho <luciano.coelho@xxxxxxxxx> Patch applied to wireless-drivers-next.git, thanks. 3d71c3f1f50c iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() -- https://patchwork.kernel.org/patch/10639957/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
