[ath:pending-deferred 23/61] drivers/net/wireless/ath/ath12k/mac.c:9812 ath12k_mac_parse_tx_pwr_env() error: buffer overflow 'local_non_psd->power' 5 <= 15
Dan Carpenter
dan.carpenter at linaro.org
Fri May 23 01:30:02 PDT 2025
tree: https://git.kernel.org/pub/scm/linux/kernel/git/ath/ath.git pending-deferred
head: 52c1e49f8c69a630f3dbe7dd79c52979cdad19d2
commit: cccbb9d0dd6ab9e3353066217e9ab5b44bd761d3 [23/61] wifi: ath12k: add parse of transmit power envelope element
config: x86_64-randconfig-161-20250518 (https://download.01.org/0day-ci/archive/20250518/202505180703.Kr9OfQRP-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp at intel.com>
| Reported-by: Dan Carpenter <dan.carpenter at linaro.org>
| Closes: https://lore.kernel.org/r/202505180703.Kr9OfQRP-lkp@intel.com/
New smatch warnings:
drivers/net/wireless/ath/ath12k/mac.c:9812 ath12k_mac_parse_tx_pwr_env() error: buffer overflow 'local_non_psd->power' 5 <= 15
drivers/net/wireless/ath/ath12k/mac.c:9812 ath12k_mac_parse_tx_pwr_env() error: buffer overflow 'local_non_psd->power' 5 <= 15
drivers/net/wireless/ath/ath12k/mac.c:9812 ath12k_mac_parse_tx_pwr_env() error: buffer overflow 'reg_non_psd->power' 5 <= 15
drivers/net/wireless/ath/ath12k/mac.c:9812 ath12k_mac_parse_tx_pwr_env() error: buffer overflow 'reg_non_psd->power' 5 <= 15
vim +9812 drivers/net/wireless/ath/ath12k/mac.c
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9802 } else {
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9803 tpc_info->is_psd_power = false;
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9804 tpc_info->eirp_power = 0;
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9805
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9806 tpc_info->num_pwr_levels = max(local_non_psd->count,
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9807 reg_non_psd->count);
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9808 if (tpc_info->num_pwr_levels > ATH12K_NUM_PWR_LEVELS)
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9809 tpc_info->num_pwr_levels = ATH12K_NUM_PWR_LEVELS;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
tpc_info->num_pwr_levels can be ATH12K_NUM_PWR_LEVELS (16).
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9810
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9811 for (i = 0; i < tpc_info->num_pwr_levels; i++) {
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 @9812 tpc_info->tpe[i] = min(local_non_psd->power[i],
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9813 reg_non_psd->power[i]) / 2;
^^^^^^^^^^^^^^^^^^^^^
So i can be 15 but there are only 5 elements in the array.
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9814 ath12k_dbg(ab, ATH12K_DBG_MAC,
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9815 "non PSD power[%d] : %d\n",
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9816 i, tpc_info->tpe[i]);
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9817 }
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9818 }
cccbb9d0dd6ab9 Baochen Qiang 2025-04-18 9819 }
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
More information about the ath12k
mailing list