* [RFC PATCH] staging: rtl8723bs: fix fortify warnings by using struct_group
@ 2025-08-28 9:45 yingche
2025-08-28 13:02 ` Dan Carpenter
2025-08-29 4:09 ` [PATCH v2] " yingche
0 siblings, 2 replies; 4+ messages in thread
From: yingche @ 2025-08-28 9:45 UTC (permalink / raw)
To: gregkh; +Cc: linux-staging, linux-kernel, yingche
Fix fortify_memcpy_chk warnings in rtw_BIP_verify() and
rtw_mgmt_xmitframe_coalesce() functions by using struct_group
to access consecutive address fields.
Changed memcpy calls to use &hdr->addrs instead of hdr->addr1
when copying 18 bytes (addr1 + addr2 + addr3).
This resolves 'detected read beyond size of field' warnings
by using the proper struct_group mechanism as suggested by
the compiler.
Signed-off-by: yingche <zxcv2569763104@gmail.com>
---
drivers/staging/rtl8723bs/core/rtw_security.c | 2 +-
drivers/staging/rtl8723bs/core/rtw_xmit.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
index 8367fd15c6b1..314ec5894d47 100644
--- a/drivers/staging/rtl8723bs/core/rtw_security.c
+++ b/drivers/staging/rtl8723bs/core/rtw_security.c
@@ -1363,7 +1363,7 @@ u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe)
ClearPwrMgt(BIP_AAD);
ClearMData(BIP_AAD);
/* conscruct AAD, copy address 1 to address 3 */
- memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
+ memcpy(BIP_AAD + 2, &pwlanhdr->addrs, 18);
if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey
, BIP_AAD, ori_len, mic))
diff --git a/drivers/staging/rtl8723bs/core/rtw_xmit.c b/drivers/staging/rtl8723bs/core/rtw_xmit.c
index 8c6841f078b4..424da9030f60 100644
--- a/drivers/staging/rtl8723bs/core/rtw_xmit.c
+++ b/drivers/staging/rtl8723bs/core/rtw_xmit.c
@@ -1209,7 +1209,7 @@ s32 rtw_mgmt_xmitframe_coalesce(struct adapter *padapter, struct sk_buff *pkt, s
ClearPwrMgt(BIP_AAD);
ClearMData(BIP_AAD);
/* conscruct AAD, copy address 1 to address 3 */
- memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
+ memcpy(BIP_AAD + 2, &pwlanhdr->addrs, 18);
/* copy management fram body */
memcpy(BIP_AAD+BIP_AAD_SIZE, MGMT_body, frame_body_len);
/* calculate mic */
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [RFC PATCH] staging: rtl8723bs: fix fortify warnings by using struct_group
2025-08-28 9:45 [RFC PATCH] staging: rtl8723bs: fix fortify warnings by using struct_group yingche
@ 2025-08-28 13:02 ` Dan Carpenter
2025-08-29 4:09 ` [PATCH v2] " yingche
1 sibling, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2025-08-28 13:02 UTC (permalink / raw)
To: yingche; +Cc: gregkh, linux-staging, linux-kernel
On Thu, Aug 28, 2025 at 05:45:37PM +0800, yingche wrote:
> Fix fortify_memcpy_chk warnings in rtw_BIP_verify() and
> rtw_mgmt_xmitframe_coalesce() functions by using struct_group
> to access consecutive address fields.
>
> Changed memcpy calls to use &hdr->addrs instead of hdr->addr1
> when copying 18 bytes (addr1 + addr2 + addr3).
>
> This resolves 'detected read beyond size of field' warnings
> by using the proper struct_group mechanism as suggested by
> the compiler.
>
> Signed-off-by: yingche <zxcv2569763104@gmail.com>
> ---
> drivers/staging/rtl8723bs/core/rtw_security.c | 2 +-
> drivers/staging/rtl8723bs/core/rtw_xmit.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
> index 8367fd15c6b1..314ec5894d47 100644
> --- a/drivers/staging/rtl8723bs/core/rtw_security.c
> +++ b/drivers/staging/rtl8723bs/core/rtw_security.c
> @@ -1363,7 +1363,7 @@ u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe)
> ClearPwrMgt(BIP_AAD);
> ClearMData(BIP_AAD);
> /* conscruct AAD, copy address 1 to address 3 */
> - memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
> + memcpy(BIP_AAD + 2, &pwlanhdr->addrs, 18);
Use sizeof(pwlanhdr->addrs) instead of 18 and on the other too.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2] staging: rtl8723bs: fix fortify warnings by using struct_group
2025-08-28 9:45 [RFC PATCH] staging: rtl8723bs: fix fortify warnings by using struct_group yingche
2025-08-28 13:02 ` Dan Carpenter
@ 2025-08-29 4:09 ` yingche
2025-08-29 5:14 ` Dan Carpenter
1 sibling, 1 reply; 4+ messages in thread
From: yingche @ 2025-08-29 4:09 UTC (permalink / raw)
To: dan.carpenter, gregkh; +Cc: linux-staging, linux-kernel, yingche
Fix fortify_memcpy_chk warnings in rtw_BIP_verify() and
rtw_mgmt_xmitframe_coalesce() functions by using struct_group
to access consecutive address fields.
Changed memcpy calls to use &hdr->addrs instead of hdr->addr1
when copying 18 bytes (addr1 + addr2 + addr3).
This resolves 'detected read beyond size of field' warnings
by using the proper struct_group mechanism as suggested by
the compiler.
Signed-off-by: yingche <zxcv2569763104@gmail.com>
---
v2: Use sizeof() instead of magic number 18 (Dan Carpenter)
---
drivers/staging/rtl8723bs/core/rtw_security.c | 2 +-
drivers/staging/rtl8723bs/core/rtw_xmit.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
index 8367fd15c6b1..3d99d045f4b6 100644
--- a/drivers/staging/rtl8723bs/core/rtw_security.c
+++ b/drivers/staging/rtl8723bs/core/rtw_security.c
@@ -1363,7 +1363,7 @@ u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe)
ClearPwrMgt(BIP_AAD);
ClearMData(BIP_AAD);
/* conscruct AAD, copy address 1 to address 3 */
- memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
+ memcpy(BIP_AAD + 2, &pwlanhdr->addrs, sizeof(pwlanhdr->addrs));
if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey
, BIP_AAD, ori_len, mic))
diff --git a/drivers/staging/rtl8723bs/core/rtw_xmit.c b/drivers/staging/rtl8723bs/core/rtw_xmit.c
index 8c6841f078b4..21690857fd62 100644
--- a/drivers/staging/rtl8723bs/core/rtw_xmit.c
+++ b/drivers/staging/rtl8723bs/core/rtw_xmit.c
@@ -1209,7 +1209,7 @@ s32 rtw_mgmt_xmitframe_coalesce(struct adapter *padapter, struct sk_buff *pkt, s
ClearPwrMgt(BIP_AAD);
ClearMData(BIP_AAD);
/* conscruct AAD, copy address 1 to address 3 */
- memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
+ memcpy(BIP_AAD + 2, &pwlanhdr->addrs, sizeof(pwlanhdr->addrs));
/* copy management fram body */
memcpy(BIP_AAD+BIP_AAD_SIZE, MGMT_body, frame_body_len);
/* calculate mic */
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2] staging: rtl8723bs: fix fortify warnings by using struct_group
2025-08-29 4:09 ` [PATCH v2] " yingche
@ 2025-08-29 5:14 ` Dan Carpenter
0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2025-08-29 5:14 UTC (permalink / raw)
To: yingche; +Cc: gregkh, linux-staging, linux-kernel
On Fri, Aug 29, 2025 at 12:09:06PM +0800, yingche wrote:
> Fix fortify_memcpy_chk warnings in rtw_BIP_verify() and
> rtw_mgmt_xmitframe_coalesce() functions by using struct_group
> to access consecutive address fields.
>
> Changed memcpy calls to use &hdr->addrs instead of hdr->addr1
> when copying 18 bytes (addr1 + addr2 + addr3).
>
> This resolves 'detected read beyond size of field' warnings
> by using the proper struct_group mechanism as suggested by
> the compiler.
>
> Signed-off-by: yingche <zxcv2569763104@gmail.com>
>
> ---
> v2: Use sizeof() instead of magic number 18 (Dan Carpenter)
Thanks!
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
regards,
dan carpenter
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-08-29 5:14 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-28 9:45 [RFC PATCH] staging: rtl8723bs: fix fortify warnings by using struct_group yingche
2025-08-28 13:02 ` Dan Carpenter
2025-08-29 4:09 ` [PATCH v2] " yingche
2025-08-29 5:14 ` Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox