openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

rt2x00: type bug in _rt2500usb_register_read() 

This code causes a static checker bug.

drivers/net/wireless/ralink/rt2x00/rt2500usb.c:232 _rt2500usb_register_read()
warn: passing casted pointer 'value' to 'rt2500usb_register_read()' 32 vs 16.

If the low 16 bits were initialized to zero then this code would only be
a problem on big endian systems.  But in this case this is case the low
16 bits are never initialized.  This is called from a function which is
created using a macro:

RT2X00DEBUGFS_OPS(csr, "0x%.8x\n", u32);

We end up copying uninitialized data to the user which is bogus and an
information leak.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This commit is contained in:
Dan Carpenter 2015-11-26 14:55:23 +03:00 committed by Kalle Valo
parent 5536f20a1c
commit 952348a5f8
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
drivers/net/wireless/ralink/rt2x00/rt2500usb.c
View File

@ -229,7 +229,10 @@ static void _rt2500usb_register_read(struct rt2x00_dev *rt2x00dev,
const unsigned int offset,
u32 *value)
{
rt2500usb_register_read(rt2x00dev, offset, (u16 *)value);
u16 tmp;
rt2500usb_register_read(rt2x00dev, offset, &tmp);
*value = tmp;
}
static void _rt2500usb_register_write(struct rt2x00_dev *rt2x00dev,