Re: [PATCH v2 0/6] wifi: mwifiex: fix OOB reads and writes from firmware response fields

Next message: Sean Christopherson: "Re: [PATCH 1/4] perf/x86/intel: Don't write PEBS_ENABLED on host&lt;=&gt;guest xfers if CPU has isolation"
Previous message: Paul E. McKenney: "Re: [WARNING] RCU stall in sock_def_readable()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Brian Norris

Date: Thu Apr 16 2026 - 20:16:45 EST

On Wed, Apr 15, 2026 at 10:23:21PM +0000, Tristan Madani wrote:
> From: Tristan Madani <tristan@xxxxxxxxxxxxxxxxxxx>
>
> Hi Brian,
>
> Note: this is a v2 resubmission. The original was sent via Gmail which
> caused HTML rendering issues. This version uses git send-email for
> proper plain-text formatting.

You also sent it privately / directly to me, and I don't think you even
sent the whole thing. You've fixed some of that now, thanks.

> Six issues in mwifiex where firmware-controlled fields are used as array
> indices or loop bounds without validation. Two are OOB writes, four are
> OOB reads:
>
> Proposed fixes in the following patches.

Several of these don't actually apply to wireless/for-next correctly, so
I can't actually review them. On at least one, I think you seem to have
stripped a line or two somehow.

Please confirm you can apply your series to
git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git
for-next with 'git am', and then resend.

Brian