Hi!
[ Upstream commit 86331c7e0cd819bf0c1d0dcf895e0c90b0aa9a6f ]
reported by smatch
phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]' 8 <= 8 (assuming for loop doesn't break)
However, it seems to be a false alarm because we prevent it originally via if (linear >= db_invert_table[11][7]) return 96; /* maximum 96 dB */
Still, we adjust the code to be more readable and avoid smatch warning.
There's no bug, it is just smatch that is confused. We should not take this to 5.10.
Best regards, Pavel
drivers/net/wireless/realtek/rtw88/phy.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c index af8b703d11d4..0fc5a893c395 100644 --- a/drivers/net/wireless/realtek/rtw88/phy.c +++ b/drivers/net/wireless/realtek/rtw88/phy.c @@ -604,23 +604,18 @@ static u8 rtw_phy_linear_2_db(u64 linear) u8 j; u32 dB;
- if (linear >= db_invert_table[11][7])
return 96; /* maximum 96 dB */
- for (i = 0; i < 12; i++) {
if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][7])
break;
else if (i > 2 && linear <= db_invert_table[i][7])
break;
for (j = 0; j < 8; j++) {
if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
goto cnt;
else if (i > 2 && linear <= db_invert_table[i][j])
goto cnt;
}}
- for (j = 0; j < 8; j++) {
if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
break;
else if (i > 2 && linear <= db_invert_table[i][j])
break;
- }
- return 96; /* maximum 96 dB */
+cnt: if (j == 0 && i == 0) goto end; -- 2.35.1