Tue, 15 Dec 2015 19:56:18 +0200 було написано Adrian Chadd <adr...@freebsd.org>:

heh, wanna submit a fix? :)


Done. Thanks!



-a


On 15 December 2015 at 09:55, Andriy Voskoboinyk <s3er...@gmail.com> wrote:
hiya,

this popped up from the freebsd.org coverity scan:



________________________________________________________________________________________________________
*** CID 1343338:  Memory - illegal accesses  (OVERRUN)
/sys/dev/usb/wlan/if_urtwn.c: 4288 in urtwn_r88e_newassoc()
4282
4283            if (!isnew)
4284                    return;
4285
4286            URTWN_NT_LOCK(sc);
4287            for (id = 0; id <= URTWN_MACID_MAX(sc); id++) {

    CID 1343338:  Memory - illegal accesses  (OVERRUN)
Overrunning array "sc->node_list" of 63 8-byte elements at element
index 63 (byte offset 504) using index "id" (which evaluates to 63).

4288 if (id != URTWN_MACID_BC && sc->node_list[id] ==
NULL) {
4289                            un->id = id;
4290                            sc->node_list[id] = ni;
4291                            break;
4292                    }
4293            }

Would one of you figure it out?

Thanks!


-a


#define R88E_MACID_MAX          63
...
struct ieee80211_node           *node_list[R88E_MACID_MAX];

of course, I mean here 64, not 63 (probably, it was a bad idea to replace
first inaccessible element with last accessible).
_______________________________________________
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"
_______________________________________________
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Reply via email to