Kees Cook <[email protected]> wrote: > struct mwifiex_ie_types_chan_list_param_set::chan_scan_param is treated > as a flexible array, so convert it into one so that it doesn't trip > the array bounds sanitizer[1]. Only a few places were using sizeof() > on the whole struct, so adjust those to follow the calculation pattern > to avoid including the trailing single element. > > Examining binary output differences doesn't appear to show any literal > size values changing, though it is obfuscated a bit by the compiler > adjusting register usage and stack spill slots, etc. > > Link: https://github.com/KSPP/linux/issues/51 [1] > Cc: Brian Norris <[email protected]> > Cc: Kalle Valo <[email protected]> > Cc: Dmitry Antipov <[email protected]> > Cc: Johannes Berg <[email protected]> > Cc: zuoqilin <[email protected]> > Cc: Ruan Jinjie <[email protected]> > Cc: Thomas Gleixner <[email protected]> > Cc: Christophe JAILLET <[email protected]> > Cc: Gustavo A. R. Silva <[email protected]> > Cc: [email protected] > Signed-off-by: Kees Cook <[email protected]> > Reviewed-by: Gustavo A. R. Silva <[email protected]>
Patch applied to wireless-next.git, thanks. 14ddc470ba22 wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set -- https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
