[staging:staging-next 133/193] drivers/staging/rtl8723au/core/rtw_mlme_ext.c:1236 OnAssocReq23a() error: we previously assumed 'p' could be null (see line 1234)

Jes Sorensen Jes.Sorensen at redhat.com
Thu Apr 17 18:29:04 UTC 2014


Dan Carpenter <dan.carpenter at oracle.com> writes:
> On Thu, Apr 17, 2014 at 11:50:13AM +0200, Jes Sorensen wrote:
>> > Old smatch warnings:
>> > drivers/staging/rtl8723au/core/rtw_mlme_ext.c:4362
>> > collect_bss_info23a() error: __builtin_memcpy() 'bssid->IEs' too small
>> > (768 vs u32max)
>> > drivers/staging/rtl8723au/core/rtw_mlme_ext.c:4860 process_80211d()
>> > error: testing array offset 'i' after use.
>> 
>> We already have a check in palce here - do I need to make the
>> if (length > MAX_IE_SZ) check for length < 0 to make this warning go
>> away?
>
> Oh.  Wait.  I responded to the wrong thing.
>
> Yeah.  You could check for negatives or make length unsigned or you
> could check skb->len to make sure it wasn't too short.  Any of those
> would work.

I checked, and given skb->len is unsigned int, it seems reasonable to
default to unsigned int for variables reading skb->len.

I'll keep this in mind when fixing it up.

Thanks again.

Jes


More information about the devel mailing list