staging: r8188eu: Add files for new driver - part 4

Dan Carpenter dan.carpenter at oracle.com
Thu Aug 29 21:47:25 UTC 2013


Hello Larry Finger,

The patch 7b464c9fa5cc: "staging: r8188eu: Add files for new driver - 
part 4" from Aug 21, 2013, leads to the following Smatch warning:
"drivers/staging/rtl8188eu/core/rtw_mlme_ext.c:8328 mlme_evt_hdl()
	 error: buffer overflow 'wlanevents' 24 <= 24"


  8321          /*  checking if event code is valid */
  8322          if (evt_code >= MAX_C2HEVT) {
                    ^^^^^^^^^^^^^^^^^^^^^^
This limit is slightly larger than the number of elements in the
wlanevents[] array.

  8323                  RT_TRACE(_module_rtl871x_cmd_c_, _drv_err_, ("\nEvent Code(%d) mismatch!\n", evt_code));
  8324                  goto _abort_event_;
  8325          }
  8326  
  8327          /*  checking if event size match the event parm size */
  8328          if ((wlanevents[evt_code].parmsize != 0) &&
                     ^^^^^^^^^^^^^^^^^^^^
Off by one.

  8329              (wlanevents[evt_code].parmsize != evt_sz)) {
  8330                  RT_TRACE(_module_rtl871x_cmd_c_, _drv_err_,
  8331                           ("\nEvent(%d) Parm Size mismatch (%d vs %d)!\n",
  8332                           evt_code, wlanevents[evt_code].parmsize, evt_sz));
  8333                  goto _abort_event_;
  8334          }

It's not clear to me what the fix is.

regards,
dan carpenter



More information about the devel mailing list