Re: [PATCH v2] wifi: ath9k: fix OOB access from firmware tx status queue ID

[Toke Høiland-Jørgensen]

Tristan Madani <tristmd@xxxxxxxxx> writes:

> From: Tristan Madani <tristan@xxxxxxxxxxxxxxxxxxx>
>
> ath_tx_edma_tasklet() accesses sc->tx.txq[ts.qid] where ts.qid is a
> 4-bit hardware field (0-15), but the txq array only has
> ATH9K_NUM_TX_QUEUES (10) entries. A qid >= 10 causes an OOB array
> access.
>
> Add a bounds check on ts.qid before using it as an array index.
>
> Fixes: fce041beb03f ("ath9k: unify edma and non-edma tx code, improve tx fifo handling")
> Signed-off-by: Tristan Madani <tristan@xxxxxxxxxxxxxxxxxxx>

Acked-by: Toke Høiland-Jørgensen <toke@xxxxxxx>