]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit
projects / mirror_ubuntu-focal-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6eafa46) | patch
staging: rtl8192e: Fix array overrun
authorLarry Finger <Larry.Finger@lwfinger.net>
Fri, 26 Aug 2011 21:46:28 +0000 (16:46 -0500)
committerGreg Kroah-Hartman <gregkh@suse.de>
Mon, 29 Aug 2011 17:58:00 +0000 (10:58 -0700)
commita504de3a1e201994eff1400d4eb16241be68c311
treeceba53305a40ef7cf74c734de01d0b72fa147f9dtree
parent6eafa4604cfa109a89524d35d93df11c37bd66b0commit | diff
staging: rtl8192e: Fix array overrun

Smatch outputs the following message:

drivers/staging/rtl8192e/r8192E_cmdpkt.c +412 cmpk_message_handle_rx(70)
error: buffer overflow 'priv->stats.rxcmdpkt' 4 <= 7

   407                          RT_TRACE(COMP_CMDPKT, "---->cmpk_message_handle_rx():"
   408                                   "unknow CMD Element\n");
   409                          return 1;
   410                  }
   411
   412                  priv->stats.rxcmdpkt[element_id]++;
                                             ^^^^^^^^^^
->stats.rxcmdpkt[] only has 4 elements, but from the switch statement
in the section before we can see that element_id can go up to 7
(RX_TX_RATE_HISTORY).

Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/staging/rtl8192e/rtl_core.h diff | blob | blame | history
Ubuntu Focal Linux kernel mirror