Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 15 Dec 2015 20:00:01 +0200
From:      "Andriy Voskoboinyk" <avos@freebsd.org>
To:        "Adrian Chadd" <adrian@freebsd.org>
Cc:        "Kevin Lo" <kevlo@freebsd.org>, "freebsd-wireless@freebsd.org" <freebsd-wireless@freebsd.org>
Subject:   Re: coverity scan results for urtwn
Message-ID:  <op.x9o5mby84dikkl@localhost>
In-Reply-To: <CAJ-VmomBz2Nc42RD5ovov=moRx_DKBRGuLQB16FPQZwWTjyUYQ@mail.gmail.com>
References:  <CAJ-VmonZYYdhbLhkE=gAGPp6%2B0sq7fhZNvJJytyXedT8MQOtLw@mail.gmail.com> <op.x9o5ezxoiew4ia@localhost> <CAJ-VmomBz2Nc42RD5ovov=moRx_DKBRGuLQB16FPQZwWTjyUYQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Tue, 15 Dec 2015 19:56:18 +0200 =D0=B1=D1=83=D0=BB=D0=BE =D0=BD=D0=B0=D0=
=BF=D0=B8=D1=81=D0=B0=D0=BD=D0=BE Adrian Chadd  =

<adrian@freebsd.org>:

> heh, wanna submit a fix? :)
>

Done. Thanks!

>
>
> -a
>
>
> On 15 December 2015 at 09:55, Andriy Voskoboinyk <s3erios@gmail.com>  =

> wrote:
>>> hiya,
>>>
>>> this popped up from the freebsd.org coverity scan:
>>>
>>>
>>>
>>> ____________________________________________________________________=
____________________________________
>>> *** CID 1343338:  Memory - illegal accesses  (OVERRUN)
>>> /sys/dev/usb/wlan/if_urtwn.c: 4288 in urtwn_r88e_newassoc()
>>> 4282
>>> 4283            if (!isnew)
>>> 4284                    return;
>>> 4285
>>> 4286            URTWN_NT_LOCK(sc);
>>> 4287            for (id =3D 0; id <=3D URTWN_MACID_MAX(sc); id++) {
>>>>>>
>>>>>>     CID 1343338:  Memory - illegal accesses  (OVERRUN)
>>>>>>     Overrunning array "sc->node_list" of 63 8-byte elements at  =

>>>>>> element
>>>>>> index 63 (byte offset 504) using index "id" (which evaluates to 6=
3).
>>>
>>> 4288                    if (id !=3D URTWN_MACID_BC && sc->node_list[=
id]  =

>>> =3D=3D
>>> NULL) {
>>> 4289                            un->id =3D id;
>>> 4290                            sc->node_list[id] =3D ni;
>>> 4291                            break;
>>> 4292                    }
>>> 4293            }
>>>
>>> Would one of you figure it out?
>>>
>>> Thanks!
>>>
>>>
>>> -a
>>
>>
>> #define R88E_MACID_MAX          63
>> ...
>> struct ieee80211_node           *node_list[R88E_MACID_MAX];
>>
>> of course, I mean here 64, not 63 (probably, it was a bad idea to  =

>> replace
>> first inaccessible element with last accessible).
> _______________________________________________
> freebsd-wireless@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
> To unsubscribe, send any mail to  =

> "freebsd-wireless-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.x9o5mby84dikkl>