Received: by 2002:ab2:6486:0:b0:1ef:eae8:a797 with SMTP id de6csp95528lqb;
        Fri, 15 Mar 2024 16:59:01 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCXgUsatbgHXkqoasLiC/7zFc9wY46bsMm8gys59mk11prtNuhgTl7rlsbt7sbAY4/JLHGPGwkCPFs3Hy+8QuAcMWSbHfs6XgPkdubWq6A==
X-Google-Smtp-Source: AGHT+IF/udTHsY1K1rEHMNgFF2wE6r33iM+Sme+vLa20mkSrvsZd2yB0tobqYv0wjs7h+uQSvjzp
X-Received: by 2002:a50:9fa6:0:b0:568:b4d9:82dd with SMTP id c35-20020a509fa6000000b00568b4d982ddmr1641378edf.23.1710547141376;
        Fri, 15 Mar 2024 16:59:01 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1710547141; cv=pass;
        d=google.com; s=arc-20160816;
        b=Mj0fR3nPDEZ9jEHlye7r4bwUbyOnRNePh73VOE+bxVU7glBVWHY9FXmdS/j9g0Ewho
         MCToSeDjB4QqF8rGGYI4g8miPeetoXPtbPRe8ymuf8E8wxqaOGQmsQVBtvzoacmdNu5w
         lMHCX0Ha+Tze9CTaeQZGepARlFsIBQjAiQVIKJrKl4NKgJwwhmUo+HAGpB9vY9U4GZOR
         tLOlR4SmQJuPXGzVd8/M+8Y16PFmjjXX6XDMtlV579DrxwJ6jUAGyEvmbOzJ78SJPewI
         D+0GubeHz949hYM+/KKOAY7BsFg5H05IhdRrjxqPdLC9yvPUgRPFMXa7jeUH5HqV0XWD
         L/dA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=gODwLtGoFUSzKln03siQ+IUa2xpmQmoK78tuikRkx3M=;
        fh=dMNjGQWRUQ0Qr2tH+p+SjpZR7qV04frrnqTIPKWxv/M=;
        b=jZqfbIvqmRt2SbuVchksZmh5HVXb/PS11y/KJthEDkYPp8E1+Uibz+1ZnyUE8WmI3x
         Iz6iN2gU9LfskyL0G6YIHxPc9yDqN3iOtx+7U+B6o98FXmHcCKj5w5EYJuRqHdqeTT3U
         9/zmrItkSuvyoNYMoESO9MT2ryyqCpuIYo5nGlOEA94sNd3+cPBzEk9knJgFLILFmOPx
         E12fxYwoFBVkw6FPryMDvFAqJGxEh0vVnrYGqmrzOCcwOND8hWtaIQdlNRI80qA7f8Y8
         cgfCWx9S67wF3QsOfrCnl5m6QY+XufOhNYT+dX8HKrjRV1M0N3ErSqwJFkzbYevKANHo
         ZlXQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=c058IzQz;
       arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org);
       spf=pass (google.com: domain of linux-wireless+bounces-4794-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4794-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-wireless+bounces-4794-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id t22-20020aa7d716000000b005610b045ec0si2244044edq.533.2024.03.15.16.59.01
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 15 Mar 2024 16:59:01 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-wireless+bounces-4794-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=c058IzQz;
       arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org);
       spf=pass (google.com: domain of linux-wireless+bounces-4794-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-wireless+bounces-4794-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 1F8481F22CAF
	for <linux.lists.archive@gmail.com>; Fri, 15 Mar 2024 23:59:01 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 9C5D25A7A4;
	Fri, 15 Mar 2024 23:58:46 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="c058IzQz"
X-Original-To: linux-wireless@vger.kernel.org
Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1AFDA4D9FF
	for <linux-wireless@vger.kernel.org>; Fri, 15 Mar 2024 23:58:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710547126; cv=none; b=uPowed4jMfxR7cSTGSX4zK4DzdxE2rAuw/NDyucxVqg5X6jSPrKl2KYAXA17Pz+dODz4BorZBmatdyVr1pxAHk97GqmhHwHBceKixq7bAEi1r5etb/K6YQn9w4iXe6IkDjZXkDuB6McjAz92QEPY84oDiW94rXPuibuIHoC/Yas=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710547126; c=relaxed/simple;
	bh=gODwLtGoFUSzKln03siQ+IUa2xpmQmoK78tuikRkx3M=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=hIHX1n8ShbMpOL2PLsOq7pFnqd0EYAOTyUgN7sZbYV+raJf7vh17v5q5Ar1+cularTfy3jbDpxU8gmLQl9BY9bINNWNENYUl6eMYQMLHkvACemQAXtusfJYbeGloTtTDWO0LsLqO/dXBc0qL4qqHwZzAutWddj8TgZR1uk9wtco=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=c058IzQz; arc=none smtp.client-ip=209.85.214.182
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org
Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1def2a1aafaso8120645ad.3
        for <linux-wireless@vger.kernel.org>; Fri, 15 Mar 2024 16:58:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1710547124; x=1711151924; darn=vger.kernel.org;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=gODwLtGoFUSzKln03siQ+IUa2xpmQmoK78tuikRkx3M=;
        b=c058IzQz2tZsj1RpNyJEL3HtBzkzmqLmEFPsBLQzUSDXyQH9eNviIeu4GW7iEhoqWM
         LVqPnjb4IFxGRXLGYsVfhHVBd7As+6Wm7ckLBnxc/jB93xO98yOtL7OdPhJgo7fdD+zL
         4r91OGUKR+Ajmrw/W8ku+irTYjkRTW6x0649Y=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1710547124; x=1711151924;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=gODwLtGoFUSzKln03siQ+IUa2xpmQmoK78tuikRkx3M=;
        b=e0J01qTq1VXVh+yoCf43gL8Jntv8Cg0+r9UIykDi2qavQ24vNw9plO2TVsf8eEsAJP
         O00xXIP0O1Mc2lJVUJLz7UVU0OBsBPZ+IsaLMTB9LRsfV5dC3YhJo/fq03Q++XCT4hzH
         PSxkl7zLdU9J7U0Z/fzmOuB8d9uwUz05IiGyF57GRdtASwXMhZJa4ynHcADCNV6hcvl2
         2VojC+nmVF4ka5jOmvrok9COS8ogGgNQAvWB6j3bM2KtIu6RMM4p0Mb0euIJXrxUj7wo
         JQcMmL4SSbz70sYV/CaPwg3RvEyEMDcN2ZJEwZCtG/RwBR62Ts9B3rsVAYwKikPeFShY
         Wwaw==
X-Forwarded-Encrypted: i=1; AJvYcCVRIGEk2SRhekruXU8ttD2d8JknZ77iqR1f2Iq8xtp5/CtKavaqOhDVg1cdWDekNXrea6BfsZRxhzYMH0Argb34mwb8GL3xikAflAVnR8c=
X-Gm-Message-State: AOJu0YyLMmlFHWvly5yxfQSq+cYyo0aB6NLYHVahtrKsaenbvWCFACTc
	P3XvzDV693rrps9SpXo7BI4DuTm4AuVSW4sR1A8GsRTbCyJ4vVA6l5YytWnMcw==
X-Received: by 2002:a17:902:e84e:b0:1dd:abc2:a028 with SMTP id t14-20020a170902e84e00b001ddabc2a028mr5599960plg.12.1710547124454;
        Fri, 15 Mar 2024 16:58:44 -0700 (PDT)
Received: from localhost ([2620:15c:9d:2:39af:f807:ea8f:1b15])
        by smtp.gmail.com with UTF8SMTPSA id f7-20020a17090274c700b001dd6da21e30sm4440121plt.231.2024.03.15.16.58.43
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 15 Mar 2024 16:58:43 -0700 (PDT)
Date: Fri, 15 Mar 2024 16:58:42 -0700
From: Brian Norris <briannorris@chromium.org>
To: Chenyuan Yang <chenyuan0y@gmail.com>
Cc: kvalo@kernel.org, johannes.berg@intel.com, horms@kernel.org,
	trix@redhat.com, linux-wireless@vger.kernel.org, zzjas98@gmail.com
Subject: Re: [drivers/net/wireless/marvell] Question about a possible
 underflow in mwifiex_11h_handle_chanrpt_ready()
Message-ID: <ZfTgssw_1KBThqGT@google.com>
References: <ZfN4WHuqOIrO4Ef2@cy-server>
Precedence: bulk
X-Mailing-List: linux-wireless@vger.kernel.org
List-Id: <linux-wireless.vger.kernel.org>
List-Subscribe: <mailto:linux-wireless+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-wireless+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ZfN4WHuqOIrO4Ef2@cy-server>

On Thu, Mar 14, 2024 at 05:21:12PM -0500, Chenyuan Yang wrote:
> We are curious whether `event_len` is guaranteed to be greater than or
> equal to `tlv_len + sizeof(rpt->header)` in each iteration since we
> found that `sizeof(struct mwifiex_ie_types_header) ==
> sizeof(rpt->header)`.

You have the code available to look at just as well as we do. I don't
see any such guarantee on first glance.

Patches welcome as always.
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Brian