Message-ID: <1ab422def27d43e1866b470a3f9d24aa@realtek.com>
Date: Fri, 21 Oct 2022 00:12:29 +0000
From: Ping-Ke Shih <pkshih@...ltek.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC: "stable@...r.kernel.org" <stable@...r.kernel.org>,
Kevin Yang <kevin_yang@...ltek.com>,
Kalle Valo <kvalo@...nel.org>, Sasha Levin <sashal@...nel.org>
Subject: RE: [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow
> -----Original Message-----
> From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Sent: Wednesday, October 19, 2022 4:33 PM
> To: linux-kernel@...r.kernel.org
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>; stable@...r.kernel.org; Kevin Yang
> <kevin_yang@...ltek.com>; Ping-Ke Shih <pkshih@...ltek.com>; Kalle Valo <kvalo@...nel.org>; Sasha Levin
> <sashal@...nel.org>
> Subject: [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow
>
> From: Zong-Zhe Yang <kevin_yang@...ltek.com>
>
> [ Upstream commit 86331c7e0cd819bf0c1d0dcf895e0c90b0aa9a6f ]
>
> reported by smatch
>
> phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]'
> 8 <= 8 (assuming for loop doesn't break)
>
> However, it seems to be a false alarm because we prevent it originally via
> if (linear >= db_invert_table[11][7])
> return 96; /* maximum 96 dB */
>
> Still, we adjust the code to be more readable and avoid smatch warning.

Like Pavel mentioned [1], this patch is to avoid a smatch warning, not a real
bug. So, this patch shouldn't be taken.

[1] https://lore.kernel.org/linux-wireless/20221018093921.GD1264@duo.ucw.cz/

>
> Signed-off-by: Zong-Zhe Yang <kevin_yang@...ltek.com>
> Signed-off-by: Ping-Ke Shih <pkshih@...ltek.com>
> Signed-off-by: Kalle Valo <kvalo@...nel.org>
> Link: https://lore.kernel.org/r/20220727065003.28340-5-pkshih@realtek.com
> Signed-off-by: Sasha Levin <sashal@...nel.org>
> ---
> drivers/net/wireless/realtek/rtw88/phy.c | 21 ++++++++-------------
> 1 file changed, 8 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c
> index 8982e0c98dac..da1efec0aa85 100644
> --- a/drivers/net/wireless/realtek/rtw88/phy.c
> +++ b/drivers/net/wireless/realtek/rtw88/phy.c
> @@ -816,23 +816,18 @@ static u8 rtw_phy_linear_2_db(u64 linear)
> u8 j;
> u32 dB;
>
> - if (linear >= db_invert_table[11][7])
> - return 96; /* maximum 96 dB */
> -
> for (i = 0; i < 12; i++) {
> - if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][7])
> - break;
> - else if (i > 2 && linear <= db_invert_table[i][7])
> - break;
> + for (j = 0; j < 8; j++) {
> + if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
> + goto cnt;
> + else if (i > 2 && linear <= db_invert_table[i][j])
> + goto cnt;
> + }
> }
>
> - for (j = 0; j < 8; j++) {
> - if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
> - break;
> - else if (i > 2 && linear <= db_invert_table[i][j])
> - break;
> - }
> + return 96; /* maximum 96 dB */
>
> +cnt:
> if (j == 0 && i == 0)
> goto end;
>
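
Review bot: The boundary case linear == db_invert_table[11][7] takes a different path after this hunk. The removed `if (linear >= db_invert_table[11][7]) return 96;` handled it with an early return, whereas the new inner test `linear <= db_invert_table[i][j]` matches at i == 11, j == 7 (assuming the table is ascending) and jumps to `cnt:`, so `return 96` is now reached only when linear is strictly greater than every table entry. Please confirm that the code after `cnt:` produces 96 for that input, or mention the change in the commit message, which describes this as a readability and smatch cleanup only. Smaller points: the `else` after `goto cnt;` is redundant and the two branches could be folded into one condition, and a label such as `found` would say more than `cnt`.
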
> --
> 2.35.1