openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

staging: r8188eu: Fix some smatch errors in core/rtw_efuse.c 

Smatch reports the following situations:

drivers/staging/rtl8188eu/core/rtw_efuse.c:589 rtw_efuse_map_write() error: buffer overflow 'newdata' 8 <= 8
drivers/staging/rtl8188eu/core/rtw_efuse.c:598 rtw_efuse_map_write() error: buffer overflow 'newdata' 8 <= 8
drivers/staging/rtl8188eu/core/rtw_efuse.c:681 rtw_BT_efuse_map_write() error: buffer overflow 'newdata' 8 <= 8
drivers/staging/rtl8188eu/core/rtw_efuse.c:690 rtw_BT_efuse_map_write() error: buffer overflow 'newdata' 8 <= 8

In these cases, it is possible to write beyond the end of an array.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Larry Finger 2013-09-04 15:55:58 -05:00 committed by Greg Kroah-Hartman
parent 9511906776
commit e255b0c6f7
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/staging/rtl8188eu/core/rtw_efuse.c
View File

@ -542,7 +542,7 @@ u8 rtw_efuse_map_write(struct adapter *padapter, u16 addr, u16 cnts, u8 *data)
{
u8 offset, word_en;
u8 *map;
u8 newdata[PGPKT_DATA_SIZE];
u8 newdata[PGPKT_DATA_SIZE + 1];
s32 i, idx;
u8 ret = _SUCCESS;
u16 mapLen = 0;
@ -564,7 +564,7 @@ u8 rtw_efuse_map_write(struct adapter *padapter, u16 addr, u16 cnts, u8 *data)
offset = (addr >> 3);
word_en = 0xF;
_rtw_memset(newdata, 0xFF, PGPKT_DATA_SIZE);
_rtw_memset(newdata, 0xFF, PGPKT_DATA_SIZE + 1);
i = addr & 0x7; /* index of one package */
idx = 0; /* data index */
@ -634,7 +634,7 @@ u8 rtw_BT_efuse_map_write(struct adapter *padapter, u16 addr, u16 cnts, u8 *data
{
u8 offset, word_en;
u8 *map;
u8 newdata[PGPKT_DATA_SIZE];
u8 newdata[PGPKT_DATA_SIZE + 1];
s32 i, idx;
u8 ret = _SUCCESS;
u16 mapLen = 0;
@ -656,7 +656,7 @@ u8 rtw_BT_efuse_map_write(struct adapter *padapter, u16 addr, u16 cnts, u8 *data
offset = (addr >> 3);
word_en = 0xF;
_rtw_memset(newdata, 0xFF, PGPKT_DATA_SIZE);
_rtw_memset(newdata, 0xFF, PGPKT_DATA_SIZE + 1);
i = addr & 0x7; /* index of one package */
idx = 0; /* data index */