2023-01-17 11:05:53

by Alexey V. Vissarionov

[permalink] [raw]
Subject: [PATCH] ath6kl: minor fix for allocation size

Although the "param" pointer occupies more or equal space compared
to "*param", the allocation size should use the size of variable
itself.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: bdcd81707973cf8a ("Add ath6kl cleaned up driver")
Signed-off-by: Alexey V. Vissarionov <[email protected]>

diff --git a/drivers/net/wireless/ath/ath6kl/bmi.c b/drivers/net/wireless/ath/ath6kl/bmi.c
index bde5a10d470c8e74..af98e871199d317f 100644
--- a/drivers/net/wireless/ath/ath6kl/bmi.c
+++ b/drivers/net/wireless/ath/ath6kl/bmi.c
@@ -246,7 +246,7 @@ int ath6kl_bmi_execute(struct ath6kl *ar, u32 addr, u32 *param)
return -EACCES;
}

- size = sizeof(cid) + sizeof(addr) + sizeof(param);
+ size = sizeof(cid) + sizeof(addr) + sizeof(*param);
if (size > ar->bmi.max_cmd_size) {
WARN_ON(1);
return -EINVAL;



--
Alexey V. Vissarionov
gremlin ??? altlinux ??? org; +vii-cmiii-ccxxix-lxxix-xlii
GPG: 0D92F19E1C0DC36E27F61A29CD17E2B43D879005 @ hkp://keys.gnupg.net

Attachments:
(No filename) (1.00 kB)
 signature.asc (817.00 B)
 Download all attachments

2023-01-17 15:29:03

by Simon Horman

[permalink] [raw]
Subject: Re: [PATCH] ath6kl: minor fix for allocation size

On Tue, Jan 17, 2023 at 02:04:14PM +0300, Alexey V. Vissarionov wrote:
> Although the "param" pointer occupies more or equal space compared
> to "*param", the allocation size should use the size of variable
> itself.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: bdcd81707973cf8a ("Add ath6kl cleaned up driver")
> Signed-off-by: Alexey V. Vissarionov <[email protected]>

Reviewed-by: Simon Horman <[email protected]>

2023-02-17 16:03:25

by Kalle Valo

[permalink] [raw]
Subject: Re: [PATCH] ath6kl: minor fix for allocation size

"Alexey V. Vissarionov" <[email protected]> wrote:

> Although the "param" pointer occupies more or equal space compared
> to "*param", the allocation size should use the size of variable
> itself.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: bdcd81707973cf8a ("Add ath6kl cleaned up driver")
> Signed-off-by: Alexey V. Vissarionov <[email protected]>
> Signed-off-by: Kalle Valo <[email protected]>

Patch applied to ath-next branch of ath.git, thanks.

778f83f889e7 wifi: ath6kl: minor fix for allocation size

--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches