lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 18 Oct 2022 11:39:21 +0200
From:   Pavel Machek <pavel@...x.de>
To:     Sasha Levin <sashal@...nel.org>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Zong-Zhe Yang <kevin_yang@...ltek.com>,
        Ping-Ke Shih <pkshih@...ltek.com>,
        Kalle Valo <kvalo@...nel.org>, tony0620emma@...il.com,
        davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
        pabeni@...hat.com, linux-wireless@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH AUTOSEL 5.10 01/34] wifi: rtw88: phy: fix warning of
 possible buffer overflow

Hi!

> [ Upstream commit 86331c7e0cd819bf0c1d0dcf895e0c90b0aa9a6f ]
> 
> reported by smatch
> 
> phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]'
> 8 <= 8 (assuming for loop doesn't break)
> 
> However, it seems to be a false alarm because we prevent it originally via
>        if (linear >= db_invert_table[11][7])
>                return 96; /* maximum 96 dB */
> 
> Still, we adjust the code to be more readable and avoid smatch warning.

There's no bug, it is just smatch that is confused. We should not take
this to 5.10.

Best regards,
									Pavel

>  drivers/net/wireless/realtek/rtw88/phy.c | 21 ++++++++-------------
>  1 file changed, 8 insertions(+), 13 deletions(-)
> 
> diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c
> index af8b703d11d4..0fc5a893c395 100644
> --- a/drivers/net/wireless/realtek/rtw88/phy.c
> +++ b/drivers/net/wireless/realtek/rtw88/phy.c
> @@ -604,23 +604,18 @@ static u8 rtw_phy_linear_2_db(u64 linear)
>  	u8 j;
>  	u32 dB;
>  
> -	if (linear >= db_invert_table[11][7])
> -		return 96; /* maximum 96 dB */
> -
>  	for (i = 0; i < 12; i++) {
> -		if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][7])
> -			break;
> -		else if (i > 2 && linear <= db_invert_table[i][7])
> -			break;
> +		for (j = 0; j < 8; j++) {
> +			if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
> +				goto cnt;
> +			else if (i > 2 && linear <= db_invert_table[i][j])
> +				goto cnt;
> +		}
>  	}
>  
> -	for (j = 0; j < 8; j++) {
> -		if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
> -			break;
> -		else if (i > 2 && linear <= db_invert_table[i][j])
> -			break;
> -	}
> +	return 96; /* maximum 96 dB */
>  
> +cnt:
>  	if (j == 0 && i == 0)
>  		goto end;
>  
> -- 
> 2.35.1

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ