[PATCH][next] staging: r8188eu: Fix out-of-bounds error in

From: Gustavo A. R. Silva
Date: Wed Feb 02 2022 - 00:20:42 EST


HT_caps_handler()
Reply-To:

Fix the following out-of-bounds error (caught with -Warray-bounds=2):

drivers/staging/r8188eu/core/rtw_wlan_util.c: In function ‘HT_caps_handler’:
drivers/staging/r8188eu/core/rtw_wlan_util.c:719:54: error: array subscript 2 is above array bounds of ‘u8[1]’ {aka ‘unsigned char[1]’} [-Werror=array-bounds]
719 | pIE->data[i] & 0x3);
| ~~~~~~~~~^~~
./include/linux/minmax.h:32:39: note: in definition of macro ‘__cmp_once’
32 | typeof(y) unique_y = (y); \
| ^
./include/linux/minmax.h:45:25: note: in expansion of macro ‘__careful_cmp’
45 | #define min(x, y) __careful_cmp(x, y, <)
| ^~~~~~~~~~~~~
drivers/staging/r8188eu/core/rtw_wlan_util.c:718:41: note: in expansion of macro ‘min’
718 | max_AMPDU_len = min(pmlmeinfo->HT_caps.u.HT_cap_element.AMPDU_para & 0x3,
| ^~~
In file included from drivers/staging/r8188eu/core/../include/drv_types.h:16,
from drivers/staging/r8188eu/core/rtw_wlan_util.c:7:
drivers/staging/r8188eu/core/../include/wlan_bssdef.h:64:13: note: while referencing ‘data’
64 | u8 data[1];
| ^~~~

by transforming one-element array into a flexible-array member in
struct ndis_802_11_var_ie

This is part of the ongoing efforts to globally enable -Warray-bounds.

Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
---
drivers/staging/r8188eu/include/wlan_bssdef.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/r8188eu/include/wlan_bssdef.h b/drivers/staging/r8188eu/include/wlan_bssdef.h
index 99ca097b8edd..9d1c9e763287 100644
--- a/drivers/staging/r8188eu/include/wlan_bssdef.h
+++ b/drivers/staging/r8188eu/include/wlan_bssdef.h
@@ -61,7 +61,7 @@ struct ndis_802_11_fixed_ie {
struct ndis_802_11_var_ie {
u8 ElementID;
u8 Length;
- u8 data[1];
+ u8 data[];
};

/*
--
2.27.0