From: Dan Carpenter <dan.carpenter@linaro.org>
To: Stefan Kerkmann <s.kerkmann@pengutronix.de>
Cc: linux-wireless@vger.kernel.org
Subject: [bug report] wifi: mwifiex: add rgpower table loading support
Date: Fri, 5 Sep 2025 11:02:43 +0300 [thread overview]
Message-ID: <aLqZI4FfOI4iJZtf@stanley.mountain> (raw)
Hello Stefan Kerkmann,
Commit 7b6f16a25806 ("wifi: mwifiex: add rgpower table loading
support") from Aug 4, 2025 (linux-next), leads to the following
(UNPUBLISHED) Smatch static checker warning:
drivers/net/wireless/marvell/mwifiex/sta_cmd.c:1540 mwifiex_send_rgpower_table()
warn: not copying enough bytes for '&hostcmd->len' (4 vs 2 bytes)
drivers/net/wireless/marvell/mwifiex/sta_cmd.c
1509 int mwifiex_send_rgpower_table(struct mwifiex_private *priv, const u8 *data,
1510 const size_t size)
1511 {
1512 int ret = 0;
1513 bool start_raw = false;
1514 u8 *ptr, *token, *pos = NULL;
1515 u8 *_data __free(kfree) = NULL;
1516 struct mwifiex_adapter *adapter = priv->adapter;
1517 struct mwifiex_ds_misc_cmd *hostcmd __free(kfree) = NULL;
1518
1519 hostcmd = kzalloc(sizeof(*hostcmd), GFP_KERNEL);
1520 if (!hostcmd)
1521 return -ENOMEM;
1522
1523 _data = kmemdup(data, size, GFP_KERNEL);
1524 if (!_data)
1525 return -ENOMEM;
1526
1527 pos = _data;
1528 ptr = hostcmd->cmd;
1529 while ((pos - _data) < size) {
1530 ret = mwifiex_rgpower_table_advance_to_content(&pos, _data, size);
1531 if (ret) {
1532 mwifiex_dbg(
1533 adapter, ERROR,
1534 "%s: failed to advance to content in rgpower table\n",
1535 __func__);
1536 return ret;
1537 }
1538
1539 if (*pos == '}' && start_raw) {
--> 1540 memcpy(&hostcmd->len, &hostcmd->cmd[2], sizeof(u16));
hostcmd->len is a u32. Copying the length into the first two bytes is an
endian bug. It won't work on big endian systems.
1541 ret = mwifiex_send_cmd(priv, 0, 0, 0, hostcmd, false);
1542 if (ret) {
1543 mwifiex_dbg(adapter, ERROR,
1544 "%s: failed to send hostcmd %d\n",
1545 __func__, ret);
1546 return ret;
1547 }
1548
1549 memset(hostcmd->cmd, 0, MWIFIEX_SIZE_OF_CMD_BUFFER);
1550 ptr = hostcmd->cmd;
1551 start_raw = false;
1552 pos++;
1553 continue;
1554 }
1555
regards,
dan carpenter
reply other threads:[~2025-09-05 8:02 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aLqZI4FfOI4iJZtf@stanley.mountain \
--to=dan.carpenter@linaro.org \
--cc=linux-wireless@vger.kernel.org \
--cc=s.kerkmann@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.