source: branches/chaos_calmer/package/kernel/mac80211/patches/351-0040-brcmfmac-rework-pointer-trickery-in-brcmf_proto_bcdc.patch @ 49407

Last change on this file since 49407 was 49407, checked in by rmilecki, 12 months ago

mac80211: brcmfmac: backport changes from 2016-09-27

This fixes memory leaks, some possible crashes and bug that could cause
WARNING on every add_key/del_key call. It also replaces WARNING with
a simple message. They may still occur e.g. on station going out of
range and A-MPDU stall in the firmware.

Signed-off-by: Rafał Miłecki <rafal@…>

File size: 1.2 KB
  • drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcdc.c

    From 704d1c6b56f4ee2ad6a5f012a72a278d17c1a223 Mon Sep 17 00:00:00 2001
    From: Arend Van Spriel <arend.vanspriel@broadcom.com>
    Date: Mon, 19 Sep 2016 12:09:52 +0100
    Subject: [PATCH] brcmfmac: rework pointer trickery in
     brcmf_proto_bcdc_query_dcmd()
    
    The variable info is assigned to point to bcdc->msg[1], which is the
    same as pointing to bcdc->buf. As that is what we want to access
    make it clear by fixing the assignment. This also avoid out-of-bounds
    errors from static analyzers are bcdc->msg[1] is not in the structure
    definition.
    
    Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
    Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
    Reviewed-by: Franky Lin <franky.lin@broadcom.com>
    Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
    Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
    ---
     drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcdc.c | 2 +-
     1 file changed, 1 insertion(+), 1 deletion(-)
    
    a b retry: 
    194194        } 
    195195 
    196196        /* Check info buffer */ 
    197         info = (void *)&msg[1]; 
     197        info = (void *)&bcdc->buf[0]; 
    198198 
    199199        /* Copy info buffer */ 
    200200        if (buf) { 
Note: See TracBrowser for help on using the repository browser.