lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <819fc850-98b4-4a0c-af4d-da2cf41cfcbd@gmail.com>
Date: Thu, 22 Jan 2026 09:14:50 +0100
From: Christian Lamparter <chunkeey@...il.com>
To: Zilin Guan <zilin@....edu.cn>
Cc: jianhao.xu@....edu.cn, johannes.berg@...el.com,
 johannes@...solutions.net, linux-kernel@...r.kernel.org,
 linux-wireless@...r.kernel.org, quic_rdevanat@...cinc.com
Subject: Re: [PATCH v2] wifi: p54: Fix memory leak in p54_beacon_update()

Hi Zilin,

On 1/21/26 10:05 AM, Zilin Guan wrote:
> On Tue, Jan 20, 2026 at 09:25:15PM +0100, Christian Lamparter wrote:
>> Ok, from what I remember, this return basically is/was and likely will be a dead-code path.
>> So adding something there is only there to "look" good for the static analysis tools.
>> But many commits like these have been merged before. As long as it is mentioned that
>> static analysis was the reason for this. Yeah sure why not.
>>
>>
>> Reason being why this is dead-code is that in order for the path to trigger, mac80211's
>> ieee80211_beacon_get must have prepared an invalid beacon (with an invalid TIM Element)
>> to start with... And looking at ieee80211_beacon_add_tim_pvb, it still looks to me like
>> the IE length can't be less than 3 ever. But, I've been wrong before, if you do see please
>> correct me. (If not, you don't neet to really bother with the Fixes-Tag)
> 
> I agree with your analysis. I checked the code and confirmed that mac80211
> guarantees a minimum TIM length of 4 bytes for non-S1G devices.
> 
> I appreciate you accepting this patch to silence the static analysis warning.

Phew, and so far no buildbot replied with comments.

I have one last request: Can you please add a sentence about that analysis into the commit log as well?
Our future selves could maybe appreciate that one day, if this comes up again. Because then we won't have
to remember all or search/look for it again, if it's already neatly written down directly there.

Thank you,
Christian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ