2022-12-07 09:36:28

by Deren Wu

Subject: [PATCH] wifi: mt76: fix coverity uninit_use_in_call in mt76_connac2_reverse_frag0_hdr_trans()

The default case for frame_control is invalid. We should always
assign addr3 of this frame properly.

Coverity error message:
if (ieee80211_has_a4(hdr.frame_control))
(19) Event uninit_use_in_call: Using uninitialized value "hdr".
Field "hdr.addr3" is uninitialized when calling "memcpy".
memcpy(skb_push(skb, sizeof(hdr)), &hdr, sizeof(hdr));
else
memcpy(skb_push(skb, sizeof(hdr) - 6), &hdr, sizeof(hdr) - 6);

Signed-off-by: Deren Wu <[email protected]>
---
drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c b/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c
index fd60123fb284..c8d0c84e688b 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c
@@ -930,7 +930,7 @@ int mt76_connac2_reverse_frag0_hdr_trans(struct ieee80211_vif *vif,
ether_addr_copy(hdr.addr4, eth_hdr->h_source);
break;
default:
- break;
+ return -EINVAL;
}

skb_pull(skb, hdr_offset + sizeof(struct ethhdr) - 2);
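Review bot: The new `return -EINVAL;` in the `default:` arm has no comment saying which frame_control values are expected to reach it, and the commit message only calls the case "invalid". A one-line comment on the `default:` arm, or a sentence in the changelog naming the bits the switch tests, would make it clear why hdr.addr3 can no longer be read unset by the later memcpy. The return sits before `skb_pull(skb, hdr_offset + sizeof(struct ethhdr) - 2);`, so the skb is left untouched on this path; the callers are not visible in this hunk, so it is worth confirming that they check the return value and drop the frame instead of passing it on. The commit message also carries no Fixes: tag.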
--
2.18.0


Subject: Re: [PATCH] wifi: mt76: fix coverity uninit_use_in_call in mt76_connac2_reverse_frag0_hdr_trans()

On 07/12/22 10:22, Deren Wu wrote:
> The default case for frame_control is invalid. We should always
> assign addr3 of this frame properly.
>
> Coverity error message:
> if (ieee80211_has_a4(hdr.frame_control))
> (19) Event uninit_use_in_call: Using uninitialized value "hdr".
> Field "hdr.addr3" is uninitialized when calling "memcpy".
> memcpy(skb_push(skb, sizeof(hdr)), &hdr, sizeof(hdr));
> else
> memcpy(skb_push(skb, sizeof(hdr) - 6), &hdr, sizeof(hdr) - 6);
>
> Signed-off-by: Deren Wu <[email protected]>

Please add the appropriate Fixes tag to this commit.

Thanks,
Angelo

2022-12-07 15:35:52

by Deren Wu

Subject: Re: [PATCH] wifi: mt76: fix coverity uninit_use_in_call in mt76_connac2_reverse_frag0_hdr_trans()

On Wed, 2022-12-07 at 14:17 +0100, AngeloGioacchino Del Regno wrote:
> On 07/12/22 10:22, Deren Wu wrote:
> > The default case for frame_control is invalid. We should always
> > assign addr3 of this frame properly.
> >
> > Coverity error message:
> > if (ieee80211_has_a4(hdr.frame_control))
> > (19) Event uninit_use_in_call: Using uninitialized value
> > "hdr".
> > Field "hdr.addr3" is uninitialized when calling "memcpy".
> > memcpy(skb_push(skb, sizeof(hdr)), &hdr, sizeof(hdr));
> > else
> > memcpy(skb_push(skb, sizeof(hdr) - 6), &hdr, sizeof(hdr) - 6);
> >
> > Signed-off-by: Deren Wu <[email protected]>
>
> Please add the appropriate Fixes tag to this commit.
>
> Thanks,
> Angelo
>
Thanks, Angelo. I will post a new version with Fixes tag.