[staging:staging-next 133/193] drivers/staging/rtl8723au/core/rtw_mlme_ext.c:1236 OnAssocReq23a() error: we previously assumed 'p' could be null (see line 1234)

[Dan Carpenter]

On Thu, Apr 17, 2014 at 11:50:13AM +0200, Jes Sorensen wrote:
> > Old smatch warnings:
> > drivers/staging/rtl8723au/core/rtw_mlme_ext.c:4362
> > collect_bss_info23a() error: __builtin_memcpy() 'bssid->IEs' too small
> > (768 vs u32max)
> > drivers/staging/rtl8723au/core/rtw_mlme_ext.c:4860 process_80211d()
> > error: testing array offset 'i' after use.
> 
> We already have a check in palce here - do I need to make the
> if (length > MAX_IE_SZ) check for length < 0 to make this warning go
> away?

Yeah.  Sorry about this false positive.  I eventually want Smatch to be
able to parse this sort of code correctly, but it's pretty tricky logic.
I don't normally encourage people to hack around faulty tools but if you
wanted to then the patch would look like this.

regards,
dan carpenter

diff --git a/drivers/staging/rtl8723au/core/rtw_mlme_ext.c b/drivers/staging/rtl8723au/core/rtw_mlme_ext.c
index 68991dc..dfad657 100644
--- a/drivers/staging/rtl8723au/core/rtw_mlme_ext.c
+++ b/drivers/staging/rtl8723au/core/rtw_mlme_ext.c
@@ -4902,7 +4902,7 @@ static void process_80211d(struct rtw_adapter *padapter,
 		i = j = k = 0;
 		if (pregistrypriv->wireless_mode & WIRELESS_11G) {
 			do {
-				if (i == MAX_CHANNEL_NUM ||
+				if (i >= MAX_CHANNEL_NUM ||
 				    chplan_sta[i].ChannelNum == 0 ||
 				    chplan_sta[i].ChannelNum > 14)
 					break;
@@ -4975,7 +4975,7 @@ static void process_80211d(struct rtw_adapter *padapter,
 
 		if (pregistrypriv->wireless_mode & WIRELESS_11A) {
 			do {
-				if (i == MAX_CHANNEL_NUM ||
+				if (i >= MAX_CHANNEL_NUM ||
 				    chplan_sta[i].ChannelNum == 0)
 					break;