[PATCH V2] staging: rtl8192e: Fix array overrun
Greg KH
greg at kroah.com
Mon Aug 29 17:46:42 UTC 2011
On Fri, Aug 26, 2011 at 04:46:28PM -0500, Larry Finger wrote:
> Smatch outputs the following message:
>
> drivers/staging/rtl8192e/r8192E_cmdpkt.c +412 cmpk_message_handle_rx(70)
> error: buffer overflow 'priv->stats.rxcmdpkt' 4 <= 7
>
> 407 RT_TRACE(COMP_CMDPKT, "---->cmpk_message_handle_rx():"
> 408 "unknow CMD Element\n");
> 409 return 1;
> 410 }
> 411
> 412 priv->stats.rxcmdpkt[element_id]++;
> ^^^^^^^^^^
> ->stats.rxcmdpkt[] only has 4 elements, but from the switch statement
> in the section before we can see that element_id can go up to 7
> (RX_TX_RATE_HISTORY).
>
> Reported-by: Dan Carpenter <error27 at gmail.com>
> Signed-off-by: Larry Finger <Larry.Finger at lwfinger.net>
> ---
>
> Greg,
>
> V2 Change from dimension of 7 to 8
>
> This patch can be pulled from
>
> git://git.kernel.org/pub/scm/linux/kernel/git/lwfinger/r8192E.git
$ git pull --log git://git.kernel.org/pub/scm/linux/kernel/git/lwfinger/r8192E.git
From git://git.kernel.org/pub/scm/linux/kernel/git/lwfinger/r8192E
* branch HEAD -> FETCH_HEAD
Already up-to-date.
$
What did I do wrong here? Are you sure you pushed? I'll just apply the
patch ok?
thanks,
greg k-h
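
The overrun described in the quoted commit message, modelled as an added example that is not part of this thread or the driver's code: the counter array is sized to cover `RX_TX_RATE_HISTORY` (7), a build-time assertion ties the array size to the highest id, and a runtime bounds check (not something the message says the patch adds) rejects ids past the end. `struct model_stats`, `CMD_ELE_COUNT`, `count_rx_cmd` and `replay_ids` are hypothetical names; only `rxcmdpkt`, `element_id` and `RX_TX_RATE_HISTORY` come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Only RX_TX_RATE_HISTORY = 7 comes from the message; CMD_ELE_COUNT is a
 * hypothetical sentinel that names "highest id + 1". */
enum { RX_TX_RATE_HISTORY = 7, CMD_ELE_COUNT };

/* Hypothetical stand-in for the driver's stats structure. */
struct model_stats {
	unsigned long rxcmdpkt[CMD_ELE_COUNT]; /* 8 slots, indices 0..7 */
	unsigned long canary;                  /* neighbour an overrun would corrupt */
};

/* Build-time check: stops compiling if the array is ever sized at 4 again. */
_Static_assert(sizeof(((struct model_stats *)0)->rxcmdpkt) / sizeof(unsigned long)
	       > RX_TX_RATE_HISTORY, "rxcmdpkt[] too small for RX_TX_RATE_HISTORY");

/* Count one command element; returns 0 if counted, -1 if the id is out of range. */
int count_rx_cmd(struct model_stats *s, unsigned int element_id)
{
	if (element_id >= ARRAY_SIZE(s->rxcmdpkt))
		return -1;
	s->rxcmdpkt[element_id]++;
	return 0;
}

/* Replay a stream of element ids; returns how many were rejected. */
int replay_ids(struct model_stats *s, const uint8_t *ids, size_t n)
{
	int rejected = 0;

	for (size_t i = 0; i < n; i++)
		if (count_rx_cmd(s, ids[i]) < 0)
			rejected++;
	return rejected;
}

int main(void)
{
	/* Constructed sample ids: in-range values plus two that exceed the array. */
	const uint8_t ids[] = { 0, 3, 4, 7, 7, 8, 200 };
	struct model_stats s = { { 0 }, 0 };
	int rejected = replay_ids(&s, ids, sizeof(ids));

	printf("rejected=%d id7=%lu canary=%lu\n", rejected, s.rxcmdpkt[7], s.canary);
	return 0;
}
```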