heh, wanna submit a fix? :)
-a On 15 December 2015 at 09:55, Andriy Voskoboinyk <[email protected]> wrote: >> hiya, >> >> this popped up from the freebsd.org coverity scan: >> >> >> >> ________________________________________________________________________________________________________ >> *** CID 1343338: Memory - illegal accesses (OVERRUN) >> /sys/dev/usb/wlan/if_urtwn.c: 4288 in urtwn_r88e_newassoc() >> 4282 >> 4283 if (!isnew) >> 4284 return; >> 4285 >> 4286 URTWN_NT_LOCK(sc); >> 4287 for (id = 0; id <= URTWN_MACID_MAX(sc); id++) { >>>>> >>>>> CID 1343338: Memory - illegal accesses (OVERRUN) >>>>> Overrunning array "sc->node_list" of 63 8-byte elements at element >>>>> index 63 (byte offset 504) using index "id" (which evaluates to 63). >> >> 4288 if (id != URTWN_MACID_BC && sc->node_list[id] == >> NULL) { >> 4289 un->id = id; >> 4290 sc->node_list[id] = ni; >> 4291 break; >> 4292 } >> 4293 } >> >> Would one of you figure it out? >> >> Thanks! >> >> >> -a > > > #define R88E_MACID_MAX 63 > ... > struct ieee80211_node *node_list[R88E_MACID_MAX]; > > of course, I mean here 64, not 63 (probably, it was a bad idea to replace > first inaccessible element with last accessible). _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to "[email protected]"
