From: Larry Finger <Larry.Finger@lwfinger.net>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: linux-wireless@vger.kernel.org
Subject: Re: rtlwifi: rtl8723be: Add new driver
Date: Sun, 09 Mar 2014 00:00:03 -0600
Message-ID: <531C0363.2090302@lwfinger.net>
In-Reply-To: <20140306215449.GA16213@elgon.mountain>

On 03/06/2014 03:54 PM, Dan Carpenter wrote:
> Hi Larry,
>
> Sorry to bother you about this, because I know we see this same bug
> every time we add another Realtek driver and you must be as sick of it
> as I am... :/
>
> The patch a619d1abe20c: "rtlwifi: rtl8723be: Add new driver" from Feb
> 28, 2014, leads to the following static checker warning:
>
> drivers/net/wireless/rtlwifi/rtl8723be/phy.c:667 _rtl8723be_store_tx_power_by_rate()
> error: buffer overflow 'rtlphy->tx_power_by_rate_offset[band]' 4 <= 5
>
> drivers/net/wireless/rtlwifi/rtl8723be/phy.c
> 646 static void _rtl8723be_store_tx_power_by_rate(struct ieee80211_hw *hw,
> 647                                               u32 band, u32 rfpath,
> 648                                               u32 txnum, u32 regaddr,
> 649                                               u32 bitmask, u32 data)
> 650 {
> 651         struct rtl_priv *rtlpriv = rtl_priv(hw);
> 652         struct rtl_phy *rtlphy = &(rtlpriv->phy);
> 653         u8 rate_section = _rtl8723be_get_rate_section_index(regaddr);
> 654
> 655         if (band != BAND_ON_2_4G && band != BAND_ON_5G)
> 656                 RT_TRACE(rtlpriv, COMP_POWER, PHY_TXPWR,
> 657                          "Invalid Band %d\n", band);
> 658
> 659         if (rfpath > MAX_RF_PATH)
>                          ^^^^^^^^^^^
> This should be >= TX_PWR_BY_RATE_NUM_RF. We should return on error
> instead of printing an error and then corrupting memory.
>
> I don't know what to do here to make these bugs go away...
>
> 660                 RT_TRACE(rtlpriv, COMP_POWER, PHY_TXPWR,
> 661                          "Invalid RfPath %d\n", rfpath);
> 662
> 663         if (txnum > MAX_RF_PATH)
> 664                 RT_TRACE(rtlpriv, COMP_POWER, PHY_TXPWR,
> 665                          "Invalid TxNum %d\n", txnum);
> 666
> 667         rtlphy->tx_power_by_rate_offset[band][rfpath][txnum][rate_section] =
> 668                 data;
> 669 }

Thanks for pointing to these problems.

BTW, what static checker found the problem? I ran the latest Smatch and it did
not find it.

Larry
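
The check Dan asks for (compare with `>=` against the dimension being indexed, and return before the store), as an added example that is not code from this thread or from the driver. The array dimensions and `OLD_LIMIT` are constructed values; only the size 4 of the rfpath dimension is taken from the checker warning, and taking each bound from the array itself with `ARRAY_SIZE` is one assumed way to keep the check from drifting away from the declaration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed dimensions; only the 4 for the rfpath dimension is taken
 * from the checker warning. OLD_LIMIT is an assumed MAX_RF_PATH value. */
#define NUM_BAND    2
#define NUM_RF      4
#define NUM_SECTION 12
#define OLD_LIMIT   4
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct phy {
	uint32_t offset[NUM_BAND][NUM_RF][NUM_RF][NUM_SECTION];
};

/* Shape of the quoted test: '>' does not flag idx == OLD_LIMIT. */
static int old_check_flags(uint32_t idx)
{
	return idx > OLD_LIMIT;
}

/* Bound each index by the dimension it subscripts, taken from the array
 * itself, and return before the store when any index is out of range. */
static int store_tx_power(struct phy *p, uint32_t band, uint32_t rfpath,
			  uint32_t txnum, uint32_t section, uint32_t data)
{
	if (band >= ARRAY_SIZE(p->offset) ||
	    rfpath >= ARRAY_SIZE(p->offset[0]) ||
	    txnum >= ARRAY_SIZE(p->offset[0][0]) ||
	    section >= ARRAY_SIZE(p->offset[0][0][0]))
		return -1;
	p->offset[band][rfpath][txnum][section] = data;
	return 0;
}

int main(void)
{
	struct phy p;

	memset(&p, 0, sizeof(p));
	/* Index 4 is one past the end of a 4-element dimension. */
	if (old_check_flags(NUM_RF) || store_tx_power(&p, 0, NUM_RF, 0, 0, 1) != -1)
		return 1;
	return store_tx_power(&p, 1, 3, 3, NUM_SECTION - 1, 7);
}
```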