mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-24 19:35:58 +00:00
wifi: ath12k: fix memcpy array overflow in ath12k_peer_assoc_h_he()
[ Upstream commit603cf6c2fc
] Two memory copies in this function copy from a short array into a longer one, using the wrong size, which leads to an out-of-bounds access: include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning] __read_overflow2_field(q_size_field, size); ^ include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning] 2 errors generated. Fixes:d889913205
("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230703123737.3420464-1-arnd@kernel.org Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
7a031c9eaa
commit
f12a425a7c
1 changed files with 2 additions and 2 deletions
|
@ -1634,9 +1634,9 @@ static void ath12k_peer_assoc_h_he(struct ath12k *ar,
|
|||
arg->peer_nss = min(sta->deflink.rx_nss, max_nss);
|
||||
|
||||
memcpy(&arg->peer_he_cap_macinfo, he_cap->he_cap_elem.mac_cap_info,
|
||||
sizeof(arg->peer_he_cap_macinfo));
|
||||
sizeof(he_cap->he_cap_elem.mac_cap_info));
|
||||
memcpy(&arg->peer_he_cap_phyinfo, he_cap->he_cap_elem.phy_cap_info,
|
||||
sizeof(arg->peer_he_cap_phyinfo));
|
||||
sizeof(he_cap->he_cap_elem.phy_cap_info));
|
||||
arg->peer_he_ops = vif->bss_conf.he_oper.params;
|
||||
|
||||
/* the top most byte is used to indicate BSS color info */
|
||||
|
|
Loading…
Reference in a new issue