Re: [PATCH] staging: r8188eu: do not write past the end of an array

From: Michael Straube
Date: Sat Sep 18 2021 - 10:26:42 EST

Next message: alexander morgan: "hi"
Previous message: Greg KH: "Re: [PATCH 1/2] staging: r8188eu: remove unused defines from odm_RegDefine11N.h"
In reply to: Martin Kaiser: "[PATCH] staging: r8188eu: do not write past the end of an array"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/18/21 15:40, Martin Kaiser wrote:

Commit f7b687d6b67e ("staging: r8188eu: remove NumTotalRFPath from struct
hal_data_8188e") removed a for loop around a block of code that is executed
only once when i == 0. However, without the for loop, i will never be set
to 0 before the code block is executed. i remains at 2, which is the final
value after the previous loop. This results in a write past the end of the
powerlevel and MCSBase arrays.

[ 28.480809] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: rtl8188e_PHY_RF6052SetOFDMTxPower+0x124/0x128 [r8188eu]
[ 28.493752] ---[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: rtl8188e_PHY_RF6052SetOFDMTxPower+0x124/0x128 [r8188eu] ]---

Fix this by replacing i with 0 in the code block that used to be the body of
the loop. While at it, remove the powerlevel array that was just holding a
temporary value.

Oh, I missed that.
Many thanks for fixing this, Martin. Looks good to me.

Acked-by: Michael Straube <straube.linux@xxxxxxxxx>

Thanks,
Michael

Next message: alexander morgan: "hi"
Previous message: Greg KH: "Re: [PATCH 1/2] staging: r8188eu: remove unused defines from odm_RegDefine11N.h"
In reply to: Martin Kaiser: "[PATCH] staging: r8188eu: do not write past the end of an array"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]