Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 4579824bf9b8981aca6902e09eabb50ac4c88ef4
commit4579824bf9b8981aca6902e09eabb50ac4c88ef4[log] [tgz]
authorLuca Coelho <luciano.coelho@intel.com>Sat Oct 13 09:46:08 2018 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Tue Nov 13 11:16:55 2018 -0800
tree6289a9106711d2dfe508f467991c3ce633b03983
parent37ef739a0aed98228e7e31c6465c6719f736a878 [diff]
iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()

commit 3d71c3f1f50cf309bd20659422af549bc784bfff upstream.

The rs_rate_from_ucode_rate() function may return -EINVAL if the rate
is invalid, but none of the callsites check for the error, potentially
making us access arrays with index IWL_RATE_INVALID, which is larger
than the arrays, causing an out-of-bounds access.  This will trigger
KASAN warnings, such as the one reported in the bugzilla issue
mentioned below.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=200659

Cc: stable@vger.kernel.org
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 6289a9106711d2dfe508f467991c3ce633b03983
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS