Re: [syzbot] Re: UBSAN: array-index-out-of-bounds in htc_issue_send

From: syzbot
Date: Fri Oct 25 2024 - 01:44:17 EST

Next message: kernel test robot: "Re: [PATCH 1/7] kernel/cgroup: Add "dev" memory accounting cgroup"
Previous message: Nicolin Chen: "Re: [PATCH v4 00/14] iommufd: Add vIOMMU infrastructure (Part-2: vDEVICE)"
In reply to: syzbot: "Re: [syzbot] Re: UBSAN: array-index-out-of-bounds in htc_issue_send"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx, syzkaller-bugs@xxxxxxxxxxxxxxxx.

***

Subject: Re: UBSAN: array-index-out-of-bounds in htc_issue_send
Author: dmantipov@xxxxxxxxx

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next eaed5fc0c322d75cfcdbc7a16c0c5023d9e4f6fe

diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c
index eb631fd3336d..a5bc0a5dfe7c 100644
--- a/drivers/net/wireless/ath/ath9k/htc_hst.c
+++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
@@ -294,6 +294,9 @@ int htc_connect_service(struct htc_target *target,
return -ETIMEDOUT;
}

+ if (unlikely(target->conn_rsp_epid == ENDPOINT_UNUSED))
+ return -ENODEV;
+
*conn_rsp_epid = target->conn_rsp_epid;
return 0;
err:

Next message: kernel test robot: "Re: [PATCH 1/7] kernel/cgroup: Add "dev" memory accounting cgroup"
Previous message: Nicolin Chen: "Re: [PATCH v4 00/14] iommufd: Add vIOMMU infrastructure (Part-2: vDEVICE)"
In reply to: syzbot: "Re: [syzbot] Re: UBSAN: array-index-out-of-bounds in htc_issue_send"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]