coverity scan results for urtwn
Andriy Voskoboinyk
s3erios at gmail.com
Tue Dec 15 17:55:42 UTC 2015
> hiya,
>
> this popped up from the freebsd.org coverity scan:
>
>
> ________________________________________________________________________________________________________
> *** CID 1343338: Memory - illegal accesses (OVERRUN)
> /sys/dev/usb/wlan/if_urtwn.c: 4288 in urtwn_r88e_newassoc()
> 4282
> 4283 if (!isnew)
> 4284 return;
> 4285
> 4286 URTWN_NT_LOCK(sc);
> 4287 for (id = 0; id <= URTWN_MACID_MAX(sc); id++) {
>>>> CID 1343338: Memory - illegal accesses (OVERRUN)
>>>> Overrunning array "sc->node_list" of 63 8-byte elements at
>>>> element index 63 (byte offset 504) using index "id" (which evaluates
>>>> to 63).
> 4288 if (id != URTWN_MACID_BC && sc->node_list[id] ==
> NULL) {
> 4289 un->id = id;
> 4290 sc->node_list[id] = ni;
> 4291 break;
> 4292 }
> 4293 }
>
> Would one of you figure it out?
>
> Thanks!
>
>
> -a
#define R88E_MACID_MAX 63
...
struct ieee80211_node *node_list[R88E_MACID_MAX];
of course, I mean here 64, not 63 (probably, it was a bad idea to replace
first inaccessible element with last accessible).
More information about the freebsd-wireless
mailing list