subject:"\[patch 2\/2\] Staging\: rtl8192e\: pointer math bug in rtllib_rx

Re: [patch 2/2] Staging: rtl8192e: pointer math bug in rtllib_rx_DELBA()

2015-07-18 Thread Dan Carpenter

On Fri, Jul 17, 2015 at 10:17:40PM +0200, Mateusz Kulikowski wrote: diff --git a/drivers/staging/rtl8192e/rtl819x_BAProc.c b/drivers/staging/rtl8192e/rtl819x_BAProc.c index 60f536c..98e6c4e 100644 --- a/drivers/staging/rtl8192e/rtl819x_BAProc.c +++

Re: [patch 2/2] Staging: rtl8192e: pointer math bug in rtllib_rx_DELBA()

2015-07-18 Thread Malcolm Priestley

On 18/07/15 09:09, Dan Carpenter wrote: On Fri, Jul 17, 2015 at 10:17:40PM +0200, Mateusz Kulikowski wrote: diff --git a/drivers/staging/rtl8192e/rtl819x_BAProc.c b/drivers/staging/rtl8192e/rtl819x_BAProc.c index 60f536c..98e6c4e 100644 --- a/drivers/staging/rtl8192e/rtl819x_BAProc.c +++

[patch 2/2] Staging: rtl8192e: pointer math bug in rtllib_rx_DELBA()

2015-07-17 Thread Dan Carpenter

The delba variable is a pointer to struct rtllib_hdr_3addr so this pointer math bug means that we read nonsense data from beyond the end of the buffer. It could result in a oops if the memory is not mapped. Signed-off-by: Dan Carpenter dan.carpen...@oracle.com diff --git

Re: [patch 2/2] Staging: rtl8192e: pointer math bug in rtllib_rx_DELBA()

2015-07-17 Thread Mateusz Kulikowski

n 17.07.2015 11:24, Dan Carpenter wrote: The delba variable is a pointer to struct rtllib_hdr_3addr so this pointer math bug means that we read nonsense data from beyond the end of the buffer. It could result in a oops if the memory is not mapped. Signed-off-by: Dan Carpenter

Re: [patch 2/2] Staging: rtl8192e: pointer math bug in rtllib_rx_DELBA()

Re: [patch 2/2] Staging: rtl8192e: pointer math bug in rtllib_rx_DELBA()

[patch 2/2] Staging: rtl8192e: pointer math bug in rtllib_rx_DELBA()

Re: [patch 2/2] Staging: rtl8192e: pointer math bug in rtllib_rx_DELBA()

4 matches

Site Navigation

Mail list logo

Footer information