Hello,
I've written a new kind of Smatch check that generates this warning:
drivers/net/wireless/ipw2x00/libipw_rx.c:1303 libipw_parse_info_param()
warn: potentially allocating too little.
drivers/net/wireless/ipw2x00/libipw_rx.c
1300 case WLAN_EID_IBSS_DFS:
1301 if (network->ibss_dfs)
1302 break;
1303 network->ibss_dfs = kmemdup(info_element->data,
1304 info_element->len,
The problem is that smatch marks "info_element->len" as untrusted data
because it comes from skb->data. "network->ibss_dfs" is a 9 character
struct. We're not necessarily allocating enough space for that.
So far as I can see this is harmless because we never use ->ibss_dfs
and we should just delete it along with all the related code?
1305 GFP_ATOMIC);
1306 if (!network->ibss_dfs)
1307 return 1;
1308 network->flags |= NETWORK_HAS_IBSS_DFS;
1309 break;
regards,
dan carpenter
Hello Dan,
> So far as I can see this is harmless because we never use ->ibss_dfs
> and we should just delete it along with all the related code?
Yes, you are right. This code is not used by ipw2x00 driver, so it can
be deleted. Will you send a patch?
Stanislav.