Although the "param" pointer occupies more or equal space compared
to "*param", the allocation size should use the size of variable
itself.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: bdcd81707973cf8a ("Add ath6kl cleaned up driver")
Signed-off-by: Alexey V. Vissarionov <[email protected]>
diff --git a/drivers/net/wireless/ath/ath6kl/bmi.c b/drivers/net/wireless/ath/ath6kl/bmi.c
index bde5a10d470c8e74..af98e871199d317f 100644
--- a/drivers/net/wireless/ath/ath6kl/bmi.c
+++ b/drivers/net/wireless/ath/ath6kl/bmi.c
@@ -246,7 +246,7 @@ int ath6kl_bmi_execute(struct ath6kl *ar, u32 addr, u32 *param)
return -EACCES;
}
- size = sizeof(cid) + sizeof(addr) + sizeof(param);
+ size = sizeof(cid) + sizeof(addr) + sizeof(*param);
if (size > ar->bmi.max_cmd_size) {
WARN_ON(1);
return -EINVAL;
--
Alexey V. Vissarionov
gremlin ??? altlinux ??? org; +vii-cmiii-ccxxix-lxxix-xlii
GPG: 0D92F19E1C0DC36E27F61A29CD17E2B43D879005 @ hkp://keys.gnupg.net
On Tue, Jan 17, 2023 at 02:04:14PM +0300, Alexey V. Vissarionov wrote:
> Although the "param" pointer occupies more or equal space compared
> to "*param", the allocation size should use the size of variable
> itself.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: bdcd81707973cf8a ("Add ath6kl cleaned up driver")
> Signed-off-by: Alexey V. Vissarionov <[email protected]>
Reviewed-by: Simon Horman <[email protected]>
"Alexey V. Vissarionov" <[email protected]> wrote:
> Although the "param" pointer occupies more or equal space compared
> to "*param", the allocation size should use the size of variable
> itself.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: bdcd81707973cf8a ("Add ath6kl cleaned up driver")
> Signed-off-by: Alexey V. Vissarionov <[email protected]>
> Signed-off-by: Kalle Valo <[email protected]>
Patch applied to ath-next branch of ath.git, thanks.
778f83f889e7 wifi: ath6kl: minor fix for allocation size
--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches