In function mwifiex_set_ibss_params, the variable index may remain
zero if it is never altered inside the loop, leading to a potential
divide by zero problem.
Signed-off-by: Yiyuan GUO <[email protected]>
---
drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
index 0961f4a5e..afcdebdcf 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -2450,7 +2450,7 @@ static int mwifiex_set_ibss_params(struct mwifiex_private *priv,
config_bands = BAND_B;
} else {
config_bands = BAND_G;
- if (params->basic_rates % index)
+ if (index && (params->basic_rates % index))
config_bands |= BAND_B;
}
}
--
2.25.1
The bug is also reported in the bug tracker:
https://bugzilla.kernel.org/show_bug.cgi?id=212993
Yiyuan GUO <[email protected]> wrote:
> In function mwifiex_set_ibss_params, the variable index may remain
> zero if it is never altered inside the loop, leading to a potential
> divide by zero problem.
>
> Signed-off-by: Yiyuan GUO <[email protected]>
Brian explains in the report why the code is ok:
https://bugzilla.kernel.org/show_bug.cgi?id=212993#c1
Patch set to Rejected.
--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
On Tue, Jun 15, 2021 at 6:31 AM Kalle Valo <[email protected]> wrote:
>
> Yiyuan GUO <[email protected]> wrote:
>
> > In function mwifiex_set_ibss_params, the variable index may remain
> > zero if it is never altered inside the loop, leading to a potential
> > divide by zero problem.
> >
> > Signed-off-by: Yiyuan GUO <[email protected]>
>
> Brian explains in the report why the code is ok:
> https://bugzilla.kernel.org/show_bug.cgi?id=212993#c1
Ah, forgot there was a patch for this too. FWIW, it's probably ok to
submit such a patch, if just for safety's sake (future refactoring?).
I just didn't figure it deserved an open "bug" entry, when it's
clearly not one.
> Patch set to Rejected.
That's fine with me.
Thanks,
Brian