RE: Bug Report - Rtlwifi

Next message: Sultan Alsawaf: "Re: [PATCH v5 0/7] Add AMD ISP4 driver"
Previous message: Dan Carpenter: "Re: [PATCH v3] most: core: fix resource leak in most_register_interface error paths"
Next in thread: alex bestoso: "Re: Bug Report - Rtlwifi"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ping-Ke Shih

Date: Thu Nov 27 2025 - 01:37:55 EST

alex bestoso <alexbestoso@xxxxxxxxxxxxxxx> wrote:
> Bug Description :
> Index out of range. Problem happens on it's own after being connected to a network for a short while.
>
> Error message :
> UBSAN: array-index-out-of-bounds in drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c:514:30
> [ 454.351041] index 10 is out of range for type 'rtl_tid_data [9]'
>
> Kernel Version :
> 6.18.0-rc6+
>
> Suggested Solution:
> change the file drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c from
>
> 513 tid = ieee80211_get_tid(hdr);
> 514 agg_state = sta_entry->tids[tid].agg.agg_state;
> 515 ampdu_density = sta->deflink.ht_cap.ampdu_density;
>
> to
>
> 513 tid = ieee80211_get_tid(hdr);
> 514 if(tid < MAX_TID_COUNT)
> 515 agg_state = sta_entry->tids[tid].agg.agg_state;
> 516 ampdu_density = sta->deflink.ht_cap.ampdu_density;

This change is fine to me. Can you send a patch?