-----Original Message----- From: Greg Kroah-Hartman gregkh@linuxfoundation.org Sent: Wednesday, October 19, 2022 4:33 PM To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman gregkh@linuxfoundation.org; stable@vger.kernel.org; Kevin Yang kevin_yang@realtek.com; Ping-Ke Shih pkshih@realtek.com; Kalle Valo kvalo@kernel.org; Sasha Levin sashal@kernel.org Subject: [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow
From: Zong-Zhe Yang kevin_yang@realtek.com
[ Upstream commit 86331c7e0cd819bf0c1d0dcf895e0c90b0aa9a6f ]
reported by smatch
phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]' 8 <= 8 (assuming for loop doesn't break)
However, it seems to be a false alarm because we prevent it originally via if (linear >= db_invert_table[11][7]) return 96; /* maximum 96 dB */
Still, we adjust the code to be more readable and avoid smatch warning.
Like Pavel mentioned [1], this patch is to avoid smatch warning, not a really bug. So, shouldn't take this patch.
[1] https://lore.kernel.org/linux-wireless/20221018093921.GD1264@duo.ucw.cz/
Signed-off-by: Zong-Zhe Yang kevin_yang@realtek.com Signed-off-by: Ping-Ke Shih pkshih@realtek.com Signed-off-by: Kalle Valo kvalo@kernel.org Link: https://lore.kernel.org/r/20220727065003.28340-5-pkshih@realtek.com Signed-off-by: Sasha Levin sashal@kernel.org
drivers/net/wireless/realtek/rtw88/phy.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c index 8982e0c98dac..da1efec0aa85 100644 --- a/drivers/net/wireless/realtek/rtw88/phy.c +++ b/drivers/net/wireless/realtek/rtw88/phy.c @@ -816,23 +816,18 @@ static u8 rtw_phy_linear_2_db(u64 linear) u8 j; u32 dB;
- if (linear >= db_invert_table[11][7])
return 96; /* maximum 96 dB */- for (i = 0; i < 12; i++) {
if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][7])break;else if (i > 2 && linear <= db_invert_table[i][7])break;
for (j = 0; j < 8; j++) {if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])goto cnt;else if (i > 2 && linear <= db_invert_table[i][j])goto cnt;}
- for (j = 0; j < 8; j++) {
if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])break;else if (i > 2 && linear <= db_invert_table[i][j])break;- }
- return 96; /* maximum 96 dB */
+cnt: if (j == 0 && i == 0) goto end;
-- 2.35.1
------Please consider the environment before printing this e-mail.