From: "Luis R. Rodriguez" <lrodriguez@atheros.com>
To: Bob Copeland <me@bobcopeland.com>
Cc: Jiri Slaby <jirislaby@gmail.com>,
"proski@gnu.org" <proski@gnu.org>,
"ath5k-devel@venema.h4ckr.net" <ath5k-devel@venema.h4ckr.net>,
"linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"John W. Linville" <linville@tuxdriver.com>
Subject: Re: [ath5k-devel] [PATCH 1/1] ath5k: fix hw rate index condition
Date: Thu, 26 Feb 2009 18:39:12 -0800 [thread overview]
Message-ID: <20090227023912.GF13456@tesla> (raw)
In-Reply-To: <20090227022704.GA29850@hash.localnet>
On Thu, Feb 26, 2009 at 06:27:04PM -0800, Bob Copeland wrote:
> On Fri, Feb 27, 2009 at 12:32:55AM +0100, Jiri Slaby wrote:
> > On 27.2.2009 00:28, Bob Copeland wrote:
> >> hw_to_driver_rix() returns sc->rate_idx[x][y] as an int, and that
> >> array is initialized to (u8)-1 for invalid rates. So, it can
> >> return 255 if the hardware rate index (y) is bad, then the check
> >> "rxs.rate_idx>= 0" would always be true, right? If it's not a
> >> real bug yet, it likely will be one day :)
> >
> > Ah, yes, it really is a bug(tm), care to post a fix?
>
> Actually, I remembered in the dark recesses of my moldering brain
> that someone had a lost patch for this a while ago, so I searched
> the archives. Pavel, ok to add your s-o-b?
>
> From: Pavel Roskin <proski@gnu.org>
> Subject: [PATCH] ath5k: use signed elements for rate index table
>
> A lookup table is used to convert from hardware rate indexes back
> to driver-based rate indexes. For unknown hardware rates, we
> initialize these values to -1, but since the array elements are of
> type u8, they will be in the range 0-255. This can cause array
> overruns because subsequent sanity checks only check for negative
> values.
>
> Signed-off-by: Bob Copeland <me@bobcopeland.com>
> ---
> drivers/net/wireless/ath5k/base.h | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/net/wireless/ath5k/base.h b/drivers/net/wireless/ath5k/base.h
> index 20e0d14..8229561 100644
> --- a/drivers/net/wireless/ath5k/base.h
> +++ b/drivers/net/wireless/ath5k/base.h
> @@ -112,7 +112,7 @@ struct ath5k_softc {
> struct ieee80211_supported_band sbands[IEEE80211_NUM_BANDS];
> struct ieee80211_channel channels[ATH_CHAN_MAX];
> struct ieee80211_rate rates[IEEE80211_NUM_BANDS][AR5K_MAX_RATES];
> - u8 rate_idx[IEEE80211_NUM_BANDS][AR5K_MAX_RATES];
> + s8 rate_idx[IEEE80211_NUM_BANDS][AR5K_MAX_RATES];
Might be worth adding a note why this is the case. Can't we simply avoid
this by checking earlier for the error or simply assigning it an actual
default _good_ hw rate value?
Luis
next prev parent reply other threads:[~2009-02-27 2:40 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-26 22:44 [PATCH 1/1] ath5k: fix hw rate index condition Jiri Slaby
2009-02-26 23:15 ` Bob Copeland
2009-02-26 23:19 ` Jiri Slaby
2009-02-26 23:28 ` [ath5k-devel] " Bob Copeland
2009-02-26 23:28 ` Bob Copeland
2009-02-26 23:32 ` Jiri Slaby
2009-02-27 2:27 ` Bob Copeland
2009-02-27 2:39 ` Luis R. Rodriguez [this message]
2009-02-27 3:06 ` Bob Copeland
2009-02-27 3:15 ` Luis R. Rodriguez
2009-03-01 5:21 ` Pavel Roskin
2009-03-03 3:46 ` Bob Copeland
2009-03-03 4:31 ` Nick Kossifidis
2009-03-03 4:31 ` Nick Kossifidis
2009-03-03 13:02 ` Bob Copeland
2009-03-23 3:04 ` Bob Copeland
2009-03-23 8:21 ` Nick Kossifidis
2009-03-23 19:53 ` John W. Linville
2009-03-24 3:38 ` Bob Copeland
2009-03-01 5:07 ` Pavel Roskin
2009-03-01 14:36 ` Bob Copeland
2009-03-01 14:36 ` Bob Copeland
-- strict thread matches above, loose matches on Subject: below --
2009-01-07 15:22 Dhaval Giani
2009-02-02 7:57 ` Dhaval Giani
2009-02-15 13:47 ` Bob Copeland
2009-02-28 23:08 ` Jiri Slaby
2009-03-30 8:59 ` Dhaval Giani
2009-03-30 16:58 ` Bob Copeland
2009-03-30 17:59 ` Dhaval Giani
2009-03-30 18:13 ` Bob Copeland
2009-03-31 3:51 ` Dhaval Giani
2009-03-31 12:23 ` Bob Copeland
2009-04-08 15:22 ` [ath5k-devel] " Bob Copeland
2009-04-08 15:22 ` Bob Copeland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090227023912.GF13456@tesla \
--to=lrodriguez@atheros.com \
--cc=ath5k-devel@venema.h4ckr.net \
--cc=jirislaby@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
--cc=me@bobcopeland.com \
--cc=proski@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.