[PATCH 6.12.y] wifi: remove zero-length arrays

Linux wireless drivers development
 help / color / mirror / Atom feed

From: Carlos Llamas <cmllamas@google.com>
To: stable@vger.kernel.org
Cc: yichenyu@google.com, kernel-team@android.com,
	 Johannes Berg <johannes.berg@intel.com>,
	 syzbot+fd222bb38e916df26fa4@syzkaller.appspotmail.com,
	 Carlos Llamas <cmllamas@google.com>,
	Lachlan Hodges <lachlan.hodges@morsemicro.com>,
	 "open list:802.11 (including CFG80211/NL80211)"
	<linux-wireless@vger.kernel.org>,
	open list <linux-kernel@vger.kernel.org>
Subject: [PATCH 6.12.y] wifi: remove zero-length arrays
Date: Mon,  8 Jun 2026 13:32:16 +0000	[thread overview]
Message-ID: <20260608133216.1396790-1-cmllamas@google.com> (raw)

From: Johannes Berg <johannes.berg@intel.com>

commit a85b8544d46390469b6ca72d6bfd3ecb7be985ff upstream.

All of these are really meant to be variable-length, and
in the case of s1g_beacon it's actually accessed. Make that
one in particular, and a couple of others (that aren't used
as arrays now), actually variable.

Reported-by: syzbot+fd222bb38e916df26fa4@syzkaller.appspotmail.com
Fixes: 1e1f706fc2ce ("wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements")
Link: https://patch.msgid.link/20250614003037.a3e82e882251.I2e8b58e56ff2a9f8b06c66f036578b7c1d4e4685@changeid
Change-Id: I699f1aaaf11005b45a189bfe164e65c5e2c8a6ce
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Carlos Llamas <cmllamas@google.com>
---
 include/linux/ieee80211.h | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index abb069aa5fa5..85bf3ac6db57 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -1266,7 +1266,7 @@ struct ieee80211_ext {
 			u8 sa[ETH_ALEN];
 			__le32 timestamp;
 			u8 change_seq;
-			u8 variable[0];
+			u8 variable[];
 		} __packed s1g_beacon;
 	} u;
 } __packed __aligned(2);
@@ -1522,7 +1522,7 @@ struct ieee80211_mgmt {
 					u8 action_code;
 					u8 dialog_token;
 					__le16 capability;
-					u8 variable[0];
+					u8 variable[];
 				} __packed tdls_discover_resp;
 				struct {
 					u8 action_code;
@@ -1690,35 +1690,35 @@ struct ieee80211_tdls_data {
 		struct {
 			u8 dialog_token;
 			__le16 capability;
-			u8 variable[0];
+			u8 variable[];
 		} __packed setup_req;
 		struct {
 			__le16 status_code;
 			u8 dialog_token;
 			__le16 capability;
-			u8 variable[0];
+			u8 variable[];
 		} __packed setup_resp;
 		struct {
 			__le16 status_code;
 			u8 dialog_token;
-			u8 variable[0];
+			u8 variable[];
 		} __packed setup_cfm;
 		struct {
 			__le16 reason_code;
-			u8 variable[0];
+			u8 variable[];
 		} __packed teardown;
 		struct {
 			u8 dialog_token;
-			u8 variable[0];
+			u8 variable[];
 		} __packed discover_req;
 		struct {
 			u8 target_channel;
 			u8 oper_class;
-			u8 variable[0];
+			u8 variable[];
 		} __packed chan_switch_req;
 		struct {
 			__le16 status_code;
-			u8 variable[0];
+			u8 variable[];
 		} __packed chan_switch_resp;
 	} u;
 } __packed;
-- 
2.54.0.1032.g2f8565e1d1-goog

next             reply	other threads:[~2026-06-08 13:32 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-08 13:32 Carlos Llamas [this message]
2026-06-09  0:51 ` [PATCH 6.12.y] wifi: remove zero-length arrays Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:abb069aa5fa dfblob:85bf3ac6db5 )
 OR (
bs:"[PATCH 6.12.y] wifi: remove zero-length arrays" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260608133216.1396790-1-cmllamas@google.com \
    --to=cmllamas@google.com \
    --cc=johannes.berg@intel.com \
    --cc=kernel-team@android.com \
    --cc=lachlan.hodges@morsemicro.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=syzbot+fd222bb38e916df26fa4@syzkaller.appspotmail.com \
    --cc=yichenyu@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox