Message ID | 200ea97407b6f121da7ccd4567fde4b0426c5d9c.1670404791.git.deren.wu@mediatek.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Felix Fietkau |
Series | wifi: mt76: fix coverity uninit_use_in_call in mt76_connac2_reverse_frag0_hdr_trans() |

On 07/12/22 10:22, Deren Wu wrote:
> The default case for frame_control is invalid. We should always
> assign addr3 of this frame properly.
>
> Coverity error message:
> if (ieee80211_has_a4(hdr.frame_control))
> (19) Event uninit_use_in_call: Using uninitialized value "hdr".
> Field "hdr.addr3" is uninitialized when calling "memcpy".
> memcpy(skb_push(skb, sizeof(hdr)), &hdr, sizeof(hdr));
> else
> memcpy(skb_push(skb, sizeof(hdr) - 6), &hdr, sizeof(hdr) - 6);
>
> Signed-off-by: Deren Wu <deren.wu@mediatek.com>

Please add the appropriate Fixes tag to this commit.

Thanks,
Angelo

On Wed, 2022-12-07 at 14:17 +0100, AngeloGioacchino Del Regno wrote:
> On 07/12/22 10:22, Deren Wu wrote:
> > The default case for frame_control is invalid. We should always
> > assign addr3 of this frame properly.
> >
> > Coverity error message:
> > if (ieee80211_has_a4(hdr.frame_control))
> > (19) Event uninit_use_in_call: Using uninitialized value
> > "hdr".
> > Field "hdr.addr3" is uninitialized when calling "memcpy".
> > memcpy(skb_push(skb, sizeof(hdr)), &hdr, sizeof(hdr));
> > else
> > memcpy(skb_push(skb, sizeof(hdr) - 6), &hdr, sizeof(hdr) - 6);
> >
> > Signed-off-by: Deren Wu <deren.wu@mediatek.com>
>
> Please add the appropriate Fixes tag to this commit.
>
> Thanks,
> Angelo
>

Thanks, Angelo. I will post a new version with Fixes tag.

diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c b/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c index fd60123fb284..c8d0c84e688b 100644 --- a/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c +++ b/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c @@ -930,7 +930,7 @@ int mt76_connac2_reverse_frag0_hdr_trans(struct ieee80211_vif *vif, ether_addr_copy(hdr.addr4, eth_hdr->h_source); break; default: - break; + return -EINVAL; } skb_pull(skb, hdr_offset + sizeof(struct ethhdr) - 2);
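
Review bot: the new return -EINVAL in the default: arm exits before skb_pull(skb, hdr_offset + sizeof(struct ethhdr) - 2), so on this path the skb keeps its original layout and the function gains an error return where this arm used to fall through. Please confirm that every caller checks the int return value and drops the frame instead of handling it as if the 802.11 header had been rebuilt, and state that in the commit message. If a caller cannot take a failure here, zero-initialising hdr would be the other way to keep uninitialised hdr.addr3 bytes out of the memcpy() that Coverity flags.
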
The default case for frame_control is invalid. We should always
assign addr3 of this frame properly.

Coverity error message:
if (ieee80211_has_a4(hdr.frame_control))
(19) Event uninit_use_in_call: Using uninitialized value "hdr".
Field "hdr.addr3" is uninitialized when calling "memcpy".
memcpy(skb_push(skb, sizeof(hdr)), &hdr, sizeof(hdr));
else
memcpy(skb_push(skb, sizeof(hdr) - 6), &hdr, sizeof(hdr) - 6);

Signed-off-by: Deren Wu <deren.wu@mediatek.com>
---
 drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)