* [RFC] rtw88: fix subscript above array bounds compiler warning
@ 2019-05-03 11:53 Stanislaw Gruszka
2019-05-03 12:01 ` Tony Chuang
0 siblings, 1 reply; 4+ messages in thread
From: Stanislaw Gruszka @ 2019-05-03 11:53 UTC (permalink / raw)
To: Tony Chuang; +Cc: linux-wireless
My compiler complain about:
drivers/net/wireless/realtek/rtw88/phy.c: In function ‘rtw_phy_rf_power_2_rssi’:
drivers/net/wireless/realtek/rtw88/phy.c:430:26: warning: array subscript is above array bounds [-Warray-bounds]
linear = db_invert_table[i][j];
According to comment power_db should be in range 1 ~ 96 .
Correct rtw_phy_power_2_db() to make max power 96 db
(still min is 0). This make the warning gone.
However power >= 20 check still looks somewhat suspicious to me.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
---
drivers/net/wireless/realtek/rtw88/phy.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c
index 35a35dbca85f..a716a44d78b0 100644
--- a/drivers/net/wireless/realtek/rtw88/phy.c
+++ b/drivers/net/wireless/realtek/rtw88/phy.c
@@ -410,12 +410,12 @@ void rtw_phy_dynamic_mechanism(struct rtw_dev *rtwdev)
static u8 rtw_phy_power_2_db(s8 power)
{
- if (power <= -100 || power >= 20)
+ if (power <= -96 || power >= 20)
return 0;
else if (power >= 0)
- return 100;
+ return 96;
else
- return 100 + power;
+ return 96 + power;
}
static u64 rtw_phy_db_2_linear(u8 power_db)
--
1.9.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* RE: [RFC] rtw88: fix subscript above array bounds compiler warning
2019-05-03 11:53 [RFC] rtw88: fix subscript above array bounds compiler warning Stanislaw Gruszka
@ 2019-05-03 12:01 ` Tony Chuang
2019-05-03 12:24 ` Stanislaw Gruszka
0 siblings, 1 reply; 4+ messages in thread
From: Tony Chuang @ 2019-05-03 12:01 UTC (permalink / raw)
To: Stanislaw Gruszka; +Cc: linux-wireless@vger.kernel.org
> Subject: [RFC] rtw88: fix subscript above array bounds compiler warning
>
> My compiler complain about:
>
> drivers/net/wireless/realtek/rtw88/phy.c: In function
> ‘rtw_phy_rf_power_2_rssi’:
> drivers/net/wireless/realtek/rtw88/phy.c:430:26: warning: array subscript is
> above array bounds [-Warray-bounds]
> linear = db_invert_table[i][j];
>
> According to comment power_db should be in range 1 ~ 96 .
> Correct rtw_phy_power_2_db() to make max power 96 db
> (still min is 0). This make the warning gone.
>
> However power >= 20 check still looks somewhat suspicious to me.
>
> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
> ---
> drivers/net/wireless/realtek/rtw88/phy.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/wireless/realtek/rtw88/phy.c
> b/drivers/net/wireless/realtek/rtw88/phy.c
> index 35a35dbca85f..a716a44d78b0 100644
> --- a/drivers/net/wireless/realtek/rtw88/phy.c
> +++ b/drivers/net/wireless/realtek/rtw88/phy.c
> @@ -410,12 +410,12 @@ void rtw_phy_dynamic_mechanism(struct rtw_dev
> *rtwdev)
>
> static u8 rtw_phy_power_2_db(s8 power)
> {
> - if (power <= -100 || power >= 20)
> + if (power <= -96 || power >= 20)
> return 0;
> else if (power >= 0)
> - return 100;
> + return 96;
> else
> - return 100 + power;
> + return 96 + power;
> }
>
> static u64 rtw_phy_db_2_linear(u8 power_db)
> --
I think I should check with the radio team, that if the power from the
rx descriptor generated by hardware can possibly get >= 20
And also check what the actual logic they expected to deal with the power.
Thanks for reporting it.
Yan-Hsuan
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [RFC] rtw88: fix subscript above array bounds compiler warning
2019-05-03 12:01 ` Tony Chuang
@ 2019-05-03 12:24 ` Stanislaw Gruszka
2019-05-06 3:42 ` Tony Chuang
0 siblings, 1 reply; 4+ messages in thread
From: Stanislaw Gruszka @ 2019-05-03 12:24 UTC (permalink / raw)
To: Tony Chuang; +Cc: linux-wireless@vger.kernel.org
On Fri, May 03, 2019 at 12:01:05PM +0000, Tony Chuang wrote:
> > Subject: [RFC] rtw88: fix subscript above array bounds compiler warning
> >
> > My compiler complain about:
> >
> > drivers/net/wireless/realtek/rtw88/phy.c: In function
> > ‘rtw_phy_rf_power_2_rssi’:
> > drivers/net/wireless/realtek/rtw88/phy.c:430:26: warning: array subscript is
> > above array bounds [-Warray-bounds]
> > linear = db_invert_table[i][j];
> >
> > According to comment power_db should be in range 1 ~ 96 .
> > Correct rtw_phy_power_2_db() to make max power 96 db
> > (still min is 0). This make the warning gone.
> >
> > However power >= 20 check still looks somewhat suspicious to me.
> >
> > Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
> > ---
> > drivers/net/wireless/realtek/rtw88/phy.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/net/wireless/realtek/rtw88/phy.c
> > b/drivers/net/wireless/realtek/rtw88/phy.c
> > index 35a35dbca85f..a716a44d78b0 100644
> > --- a/drivers/net/wireless/realtek/rtw88/phy.c
> > +++ b/drivers/net/wireless/realtek/rtw88/phy.c
> > @@ -410,12 +410,12 @@ void rtw_phy_dynamic_mechanism(struct rtw_dev
> > *rtwdev)
> >
> > static u8 rtw_phy_power_2_db(s8 power)
> > {
> > - if (power <= -100 || power >= 20)
> > + if (power <= -96 || power >= 20)
> > return 0;
> > else if (power >= 0)
> > - return 100;
> > + return 96;
> > else
> > - return 100 + power;
> > + return 96 + power;
> > }
> >
> > static u64 rtw_phy_db_2_linear(u8 power_db)
> > --
>
> I think I should check with the radio team, that if the power from the
> rx descriptor generated by hardware can possibly get >= 20
>
> And also check what the actual logic they expected to deal with the power.
> Thanks for reporting it.
Yeah, this could be just teoretical issue as we can not get power
values >= 0 from HW. However I think compiler correctly complains, as
for power_db=100 we get i = ((100 - 1) >> 3) = 12 , what exceed by one
max first index of db_invert_table[][], which should be in range
0 - 11.
Stanislaw
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [RFC] rtw88: fix subscript above array bounds compiler warning
2019-05-03 12:24 ` Stanislaw Gruszka
@ 2019-05-06 3:42 ` Tony Chuang
0 siblings, 0 replies; 4+ messages in thread
From: Tony Chuang @ 2019-05-06 3:42 UTC (permalink / raw)
To: Stanislaw Gruszka; +Cc: linux-wireless@vger.kernel.org
> Subject: Re: [RFC] rtw88: fix subscript above array bounds compiler warning
>
> On Fri, May 03, 2019 at 12:01:05PM +0000, Tony Chuang wrote:
> > > Subject: [RFC] rtw88: fix subscript above array bounds compiler warning
> > >
> > > My compiler complain about:
> > >
> > > drivers/net/wireless/realtek/rtw88/phy.c: In function
> > > ‘rtw_phy_rf_power_2_rssi’:
> > > drivers/net/wireless/realtek/rtw88/phy.c:430:26: warning: array subscript is
> > > above array bounds [-Warray-bounds]
> > > linear = db_invert_table[i][j];
> > >
> > > According to comment power_db should be in range 1 ~ 96 .
> > > Correct rtw_phy_power_2_db() to make max power 96 db
> > > (still min is 0). This make the warning gone.
> > >
> > > However power >= 20 check still looks somewhat suspicious to me.
> > >
> > > Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
> > > ---
> > > drivers/net/wireless/realtek/rtw88/phy.c | 6 +++---
> > > 1 file changed, 3 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/drivers/net/wireless/realtek/rtw88/phy.c
> > > b/drivers/net/wireless/realtek/rtw88/phy.c
> > > index 35a35dbca85f..a716a44d78b0 100644
> > > --- a/drivers/net/wireless/realtek/rtw88/phy.c
> > > +++ b/drivers/net/wireless/realtek/rtw88/phy.c
> > > @@ -410,12 +410,12 @@ void rtw_phy_dynamic_mechanism(struct
> rtw_dev
> > > *rtwdev)
> > >
> > > static u8 rtw_phy_power_2_db(s8 power)
> > > {
> > > - if (power <= -100 || power >= 20)
> > > + if (power <= -96 || power >= 20)
> > > return 0;
> > > else if (power >= 0)
> > > - return 100;
> > > + return 96;
> > > else
> > > - return 100 + power;
> > > + return 96 + power;
> > > }
> > >
> > > static u64 rtw_phy_db_2_linear(u8 power_db)
> > > --
> >
> > I think I should check with the radio team, that if the power from the
> > rx descriptor generated by hardware can possibly get >= 20
> >
> > And also check what the actual logic they expected to deal with the power.
> > Thanks for reporting it.
>
> Yeah, this could be just teoretical issue as we can not get power
> values >= 0 from HW. However I think compiler correctly complains, as
> for power_db=100 we get i = ((100 - 1) >> 3) = 12 , what exceed by one
> max first index of db_invert_table[][], which should be in range
> 0 - 11.
>
I checked it. The power sum could actually be like 20 or something.
And the recommended modification is to restrict the value used for array
subscript between 1~96 before access the array. Such as:
@@ -578,6 +578,11 @@ static u64 rtw_phy_db_2_linear(u8 power_db)
u8 i, j;
u64 linear;
+ if (power_db > 96)
+ power_db = 96;
+ else if (power_db < 1)
+ return 1;
+
/* 1dB ~ 96dB */
i = (power_db - 1) >> 3;
j = (power_db - 1) - (i << 3);
Yan-Hsuan
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-05-06 3:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-03 11:53 [RFC] rtw88: fix subscript above array bounds compiler warning Stanislaw Gruszka
2019-05-03 12:01 ` Tony Chuang
2019-05-03 12:24 ` Stanislaw Gruszka
2019-05-06 3:42 ` Tony Chuang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).