iwlwifi: out-of-bounds access in iwl_init_sband_channels
KASan error report: ================================================================== BUG: KASan: out of bounds access in iwl_init_sband_channels+0x207/0x260 [iwlwifi] at addr ffff8800c2d0aac8 Read of size 4 by task modprobe/329 ================================================================== Both loops of this function compare data from the 'chan' array and then check if the index is valid. The 2 conditions should be inverted to avoid an out-of-bounds access. Signed-off-by: Adrien Schildknecht <adrien+dev@schischi.me> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
This commit is contained in:
parent
da0fa5ebb2
commit
e192cd121d
|
@ -713,12 +713,12 @@ int iwl_init_sband_channels(struct iwl_nvm_data *data,
|
|||
struct ieee80211_channel *chan = &data->channels[0];
|
||||
int n = 0, idx = 0;
|
||||
|
||||
while (chan->band != band && idx < n_channels)
|
||||
while (idx < n_channels && chan->band != band)
|
||||
chan = &data->channels[++idx];
|
||||
|
||||
sband->channels = &data->channels[idx];
|
||||
|
||||
while (chan->band == band && idx < n_channels) {
|
||||
while (idx < n_channels && chan->band == band) {
|
||||
chan = &data->channels[++idx];
|
||||
n++;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue