coverity scan results for urtwn
Andriy Voskoboinyk
avos at freebsd.org
Tue Dec 15 18:00:10 UTC 2015
Tue, 15 Dec 2015 19:56:18 +0200 було написано Adrian Chadd
<adrian at freebsd.org>:
> heh, wanna submit a fix? :)
>
Done. Thanks!
>
>
> -a
>
>
> On 15 December 2015 at 09:55, Andriy Voskoboinyk <s3erios at gmail.com>
> wrote:
>>> hiya,
>>>
>>> this popped up from the freebsd.org coverity scan:
>>>
>>>
>>>
>>> ________________________________________________________________________________________________________
>>> *** CID 1343338: Memory - illegal accesses (OVERRUN)
>>> /sys/dev/usb/wlan/if_urtwn.c: 4288 in urtwn_r88e_newassoc()
>>> 4282
>>> 4283 if (!isnew)
>>> 4284 return;
>>> 4285
>>> 4286 URTWN_NT_LOCK(sc);
>>> 4287 for (id = 0; id <= URTWN_MACID_MAX(sc); id++) {
>>>>>>
>>>>>> CID 1343338: Memory - illegal accesses (OVERRUN)
>>>>>> Overrunning array "sc->node_list" of 63 8-byte elements at
>>>>>> element
>>>>>> index 63 (byte offset 504) using index "id" (which evaluates to 63).
>>>
>>> 4288 if (id != URTWN_MACID_BC && sc->node_list[id]
>>> ==
>>> NULL) {
>>> 4289 un->id = id;
>>> 4290 sc->node_list[id] = ni;
>>> 4291 break;
>>> 4292 }
>>> 4293 }
>>>
>>> Would one of you figure it out?
>>>
>>> Thanks!
>>>
>>>
>>> -a
>>
>>
>> #define R88E_MACID_MAX 63
>> ...
>> struct ieee80211_node *node_list[R88E_MACID_MAX];
>>
>> of course, I mean here 64, not 63 (probably, it was a bad idea to
>> replace
>> first inaccessible element with last accessible).
> _______________________________________________
> freebsd-wireless at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
> To unsubscribe, send any mail to
> "freebsd-wireless-unsubscribe at freebsd.org"
More information about the freebsd-wireless
mailing list