Denis Efremov efremov@linux.com wrote:
memcpy() in wmi_set_ie() and wmi_update_ft_ies() is called with src == NULL and len == 0. This is an undefined behavior. Fix it by checking "ie_len > 0" before the memcpy() calls.
As suggested by GCC documentation: "The pointers passed to memmove (and similar functions in <string.h>) must be non-null even when nbytes==0, so GCC can use that information to remove the check after the memmove call." [1]
[1] https://gcc.gnu.org/gcc-4.9/porting_to.html
Cc: Maya Erez merez@codeaurora.org Cc: Kalle Valo kvalo@codeaurora.org Cc: "David S. Miller" davem@davemloft.net Cc: stable@vger.kernel.org Signed-off-by: Denis Efremov efremov@linux.com Signed-off-by: Kalle Valo kvalo@codeaurora.org
Patch applied to ath-next branch of ath.git, thanks.
2c840676be8f wil6210: check len before memcpy() calls