| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9c02683d-c688-4e39-913e-6b20b3bd76a0@gmail.com>
Date: Tue, 15 Oct 2024 00:02:00 +0100
From: "Colin King (gmail)" <colin.i.king@...il.com>
To: Arend van Spriel <arend.vanspriel@...adcom.com>,
"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
brcm80211@...ts.linux.dev, brcm80211-dev-list.pdl@...adcom.com
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: incorrect shift and mask operation in
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c
Hi,
Static analysis on
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c has found
an issue with a mask and shift operation in function
wlc_phy_rxcal_radio_setup_nphy() as follows:
lines 26326-26330:
offtune_val =
(pi->tx_rx_cal_radio_saveregs
[2] & 0xF0) >> 8;
offtune_val =
(offtune_val <= 0x7) ? 0xF : 0;
and similar in lines 26376-26381 too.
The issue is that the expression pi->tx_rx_cal_radio_saveregs[2] & 0xF0
when shifted 8 places right is always zero, so this looks like a mistake
since some value value between 0..0xf is expected in the second statement.
Since pi->tx_rx_cal_radio_saveregs[2] is a u16 value the expression
could plausible be:
(pi->tx_rx_cal_radio_saveregs[2] & 0xf0) >> 4
or
(pi->tx_rx_cal_radio_saveregs[2] & 0xf00) >> 8
I don't have knowledge of the hardware so I'm not sure what a suitable
fix is.
Regards,
Colin
Powered by blists - more mailing lists