Re: [PATCH] iwlwifi: out-of-bounds access in iwl_init_sband_channels

From: Kalle Valo
Date: Fri Aug 14 2015 - 03:14:39 EST


Adrien Schildknecht <adrien+dev@xxxxxxxxxxx> writes:

> Hi,
>
>> On 08/14/2015 03:36 AM, Adrien Schildknecht wrote:
>> > Both loops of this function compare data from the 'chan' array and
>> > then check if the index is valid.
>> >
>> > The 2 conditions should be inverted to avoid an out-of-bounds
>> > access.
>> >
>>
>> Was that found by a static analyzer or any other automated tool, or
>> was that the result of your very careful review?
>
> The error has been reported by KASan:
> ==================================================================
> BUG: KASan: out of bounds access in iwl_init_sband_channels+0x207/0x260 [iwlwifi] at addr ffff8800c2d0aac8
> Read of size 4 by task modprobe/329
> ==================================================================

Always try to add information like this to the commit log, it's very
useful.

--
Kalle Valo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/