driver_wext.c memcpy problem

Mon May 4 07:26:45 PDT 2009

On Mon, 2009-05-04 at 01:12 -0400, Pavel Roskin wrote:
> On Thu, 2009-04-30 at 16:42 -0700, Dmitry Shmidt wrote:
> > Hi,
> > 
> > In driver_wext.c in function there is memcpy that has overlapping
> > areas :
> > struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
> > {
> > ...
> > if (wext_19_iw_point(drv, iwe->cmd)) {
> >             /* WE-19 removed the pointer from struct iw_point */
> >             char *dpos = (char *) &iwe_buf.u.data.length;
> >             int dlen = dpos - (char *) &iwe_buf;
> >             os_memcpy(dpos, pos + IW_EV_LCP_LEN,   <<<<<<<<<<
> >                   sizeof(struct iw_event) - dlen);
> >         } else {
> >             os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
> >             custom += IW_EV_POINT_OFF;
> >         }
> >  ...
> > }
> > 
> > It didn't work for me so I needed to exchange it with memmove() call.
> 
> Actually, there is a function os_memmove() that should do it.

Right, but I'd like to know how this was actually overlapping in the
first place...  I tried to figure that out on Friday but the WEXT event
code is impossible to understand.  I don't believe the memory *should*
overlap, and thus this might be hiding a bug in the driver or kernel
that the OP is using.

This should just copy the iw_point structure (which is really just flags
and length) into iwe_buf, no?

Dan

> > I am just curious how it worked for other people ? Is it possible that
> > most memcpy() lib functions know how to handle overlapping areas ?
> 
> Maybe it just iterates over the memory in the direction that we need.
> 
> > Anyway it is not a mandatory memcpy() functionality.
> 
> I agree.
> 