Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / e192cd121dbe009f67eddd5171d588994b15486c
commite192cd121dbe009f67eddd5171d588994b15486c[log] [tgz]
authorAdrien Schildknecht <adrien+dev@schischi.me>Fri Aug 14 02:35:32 2015 +0200
committerEmmanuel Grumbach <emmanuel.grumbach@intel.com>Tue Aug 18 10:25:25 2015 +0300
treec2623a350ec624ccade516a509e66a5937df1c2b
parentda0fa5ebb254d1617455ace9af1ce2f1d375a95d [diff]
iwlwifi: out-of-bounds access in iwl_init_sband_channels

KASan error report:
==================================================================
BUG: KASan: out of bounds access in iwl_init_sband_channels+0x207/0x260 [iwlwifi] at addr ffff8800c2d0aac8
Read of size 4 by task modprobe/329
==================================================================

Both loops of this function compare data from the 'chan' array and then
check if the index is valid.

The 2 conditions should be inverted to avoid an out-of-bounds access.

Signed-off-by: Adrien Schildknecht <adrien+dev@schischi.me>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
1 file changed
tree: c2623a350ec624ccade516a509e66a5937df1c2b
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS