[staging:staging-next 133/193] drivers/staging/rtl8723au/core/rtw_mlme_ext.c:1236 OnAssocReq23a() error: we previously assumed 'p' could be null (see line 1234)
Jes Sorensen
Jes.Sorensen at redhat.com
Thu Apr 17 18:29:04 UTC 2014
Dan Carpenter <dan.carpenter at oracle.com> writes:
> On Thu, Apr 17, 2014 at 11:50:13AM +0200, Jes Sorensen wrote:
>> > Old smatch warnings:
>> > drivers/staging/rtl8723au/core/rtw_mlme_ext.c:4362
>> > collect_bss_info23a() error: __builtin_memcpy() 'bssid->IEs' too small
>> > (768 vs u32max)
>> > drivers/staging/rtl8723au/core/rtw_mlme_ext.c:4860 process_80211d()
>> > error: testing array offset 'i' after use.
>>
>> We already have a check in palce here - do I need to make the
>> if (length > MAX_IE_SZ) check for length < 0 to make this warning go
>> away?
>
> Oh. Wait. I responded to the wrong thing.
>
> Yeah. You could check for negatives or make length unsigned or you
> could check skb->len to make sure it wasn't too short. Any of those
> would work.
I checked, and given skb->len is unsigned int, it seems reasonable to
default to unsigned int for variables reading skb->len.
I'll keep this in mind when fixing it up.
Thanks again.
Jes
More information about the devel
mailing list