projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cf8f3d4)
wifi: ath6kl: minor fix for allocation size
authorAlexey V. Vissarionov <gremlin@altlinux.org>
Wed, 15 Feb 2023 18:31:37 +0000 (20:31 +0200)
committerKalle Valo <quic_kvalo@quicinc.com>
Fri, 17 Feb 2023 16:03:04 +0000 (18:03 +0200)
Although the "param" pointer occupies more or equal space compared
to "*param", the allocation size should use the size of variable
itself.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: bdcd81707973cf8a ("Add ath6kl cleaned up driver")
Signed-off-by: Alexey V. Vissarionov <gremlin@altlinux.org>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230117110414.GC12547@altlinux.org
drivers/net/wireless/ath/ath6kl/bmi.c patch | blob | history

diff --git a/drivers/net/wireless/ath/ath6kl/bmi.c b/drivers/net/wireless/ath/ath6kl/bmi.c
index bde5a10..af98e87 100644 (file)
--- a/drivers/net/wireless/ath/ath6kl/bmi.c
+++ b/drivers/net/wireless/ath/ath6kl/bmi.c
@@ -246,7 +246,7 @@ int ath6kl_bmi_execute(struct ath6kl *ar, u32 addr, u32 *param)
                return -EACCES;
        }
 
-       size = sizeof(cid) + sizeof(addr) + sizeof(param);
+       size = sizeof(cid) + sizeof(addr) + sizeof(*param);
        if (size > ar->bmi.max_cmd_size) {
                WARN_ON(1);
                return -EINVAL;
Domain: System / Kernel;