2024-06-04 19:30:48

by Johannes Berg

[permalink] [raw]
Subject: Re: [PATCH v2] wifi: mac80211: Avoid address calculations via out of bounds array indexing

On Tue, 2024-06-04 at 14:53 -0400, Kenton Groombridge wrote:
> On 24/05/29 04:54PM, Johannes Berg wrote:
> > On Fri, 2024-05-17 at 10:54 -0400, Kenton Groombridge wrote:
> > > req->n_channels must be set before req->channels[] can be used.
> > >
> >
> > I don't know why, but this patch breaks a number of hwsim test cases.
> >
> > https://w1.fi/cgit/hostap/tree/tests/hwsim/
> >
> > johannes
>
> Pardon my absence.
>
> I'm also not sure why these tests are failing. Unless I'm missing
> something, the runtime behavior of these code paths shouldn't have
> changed significantly.
>

Looking at your patch again, this seems wrong?

> + local->hw_scan_req->req.channels[*n_chans++] =
> req->channels[i];
>

This will increment n_chans rather than *n_chans, no?

johannes