From: Dan Carpenter <dan.carpenter@oracle.com>
To: dcbw@redhat.com
Cc: linux-wireless@vger.kernel.org
Subject: re: airo: clean up and clarify interrupt-time task handling
Date: Fri, 10 Oct 2014 15:49:46 +0300 [thread overview]
Message-ID: <20141010124946.GA14358@mwanda> (raw)
Hello Dan Williams,
The patch f55d4517ebdd: "airo: clean up and clarify interrupt-time
task handling" from Jan 24, 2009, leads to the following static
checker warning:
drivers/net/wireless/airo.c:3373 airo_handle_rx()
warn: XXX pointer math issue ('buffer' is a 2 byte pointer)
drivers/net/wireless/airo.c
3282 static void airo_handle_rx(struct airo_info *ai)
3283 {
3284 struct sk_buff *skb = NULL;
3285 __le16 fc, v, *buffer, tmpbuf[4];
3286 u16 len, hdrlen = 0, gap, fid;
3287 struct rx_hdr hdr;
3288 int success = 0;
3289
[ snip ]
3354 } else {
3355 MICBuffer micbuf;
3356
3357 bap_read(ai, buffer, ETH_ALEN * 2, BAP0);
3358 if (ai->micstats.enabled) {
3359 bap_read(ai, (__le16 *) &micbuf, sizeof (micbuf), BAP0);
3360 if (ntohs(micbuf.typelen) > 0x05DC)
3361 bap_setup(ai, fid, 0x44, BAP0);
3362 else {
3363 if (len <= sizeof (micbuf)) {
3364 dev_kfree_skb_irq(skb);
3365 goto done;
3366 }
3367
3368 len -= sizeof(micbuf);
3369 skb_trim(skb, len + hdrlen);
3370 }
3371 }
3372
3373 bap_read(ai, buffer + ETH_ALEN, len, BAP0);
^^^^^^^^^^^^^^^^^
It's really unusual to use ETH_ALEN to represent 12 bytes. Normally
it is a bug when people do that. But looking at the context it be
intentional here... It's not clear.
3374 if (decapsulate(ai, &micbuf, (etherHead*) buffer, len))
3375 dev_kfree_skb_irq (skb);
3376 else
3377 success = 1;
3378 }
regards,
dan carpenter
reply other threads:[~2014-10-10 12:50 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141010124946.GA14358@mwanda \
--to=dan.carpenter@oracle.com \
--cc=dcbw@redhat.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).