All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Larry.Finger@lwfinger.net
Cc: linux-wireless@vger.kernel.org
Subject: re: rtlwifi: rtl8723be: Add new driver
Date: Fri, 7 Mar 2014 00:54:49 +0300	[thread overview]
Message-ID: <20140306215449.GA16213@elgon.mountain> (raw)

Hi Larry,

Sorry to bother you about this, because I know we see this same bug
every time we add another Realtek driver and you must be as sick of it
as I am...  :/

The patch a619d1abe20c: "rtlwifi: rtl8723be: Add new driver" from Feb
28, 2014, leads to the following static checker warning:

	drivers/net/wireless/rtlwifi/rtl8723be/phy.c:667 _rtl8723be_store_tx_power_by_rate()
	error: buffer overflow 'rtlphy->tx_power_by_rate_offset[band]' 4 <= 5

drivers/net/wireless/rtlwifi/rtl8723be/phy.c
  646  static void _rtl8723be_store_tx_power_by_rate(struct ieee80211_hw *hw,
   647                                                u32 band, u32 rfpath,
   648                                                u32 txnum, u32 regaddr,
   649                                                u32 bitmask, u32 data)
   650  {
   651          struct rtl_priv *rtlpriv = rtl_priv(hw);
   652          struct rtl_phy *rtlphy = &(rtlpriv->phy);
   653          u8 rate_section = _rtl8723be_get_rate_section_index(regaddr);
   654  
   655          if (band != BAND_ON_2_4G && band != BAND_ON_5G)
   656                  RT_TRACE(rtlpriv, COMP_POWER, PHY_TXPWR,
   657                           "Invalid Band %d\n", band);
   658  
   659          if (rfpath > MAX_RF_PATH)
                             ^^^^^^^^^^^
This should be >= TX_PWR_BY_RATE_NUM_RF.  We should return on error
instead of printing an error and then corrupting memory.

I don't know what to do here to make these bugs go away...

   660                  RT_TRACE(rtlpriv, COMP_POWER, PHY_TXPWR,
   661                           "Invalid RfPath %d\n", rfpath);
   662  
   663          if (txnum > MAX_RF_PATH)
   664                  RT_TRACE(rtlpriv, COMP_POWER, PHY_TXPWR,
   665                           "Invalid TxNum %d\n", txnum);
   666  
   667          rtlphy->tx_power_by_rate_offset[band][rfpath][txnum][rate_section] =
   668                                                                          data;
   669  }

regards,
dan carpenter

             reply	other threads:[~2014-03-06 21:55 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-03-06 21:54 Dan Carpenter [this message]
2014-03-09  6:00 ` rtlwifi: rtl8723be: Add new driver Larry Finger
  -- strict thread matches above, loose matches on Subject: below --
2015-10-19 15:10 Dan Carpenter
2015-10-19 18:26 ` Jakub Sitnicki

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140306215449.GA16213@elgon.mountain \
    --to=dan.carpenter@oracle.com \
    --cc=Larry.Finger@lwfinger.net \
    --cc=linux-wireless@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.