git.samba.org - sfrench/cifs-2.6.git/commit

author	Kees Cook <keescook@chromium.org>
	Wed, 7 Feb 2024 10:30:33 +0000 (02:30 -0800)
committer	Kalle Valo <kvalo@kernel.org>
	Mon, 12 Feb 2024 15:37:59 +0000 (17:37 +0200)
commit	14ddc470ba22057f7734245a6a521d764f8a7fbe
tree	2708dff39e69a8c685dbe769753492c8693b88bc	tree
parent	c08a986344a5eb80ae3651f33d0f386cd9e97252	commit \| diff

wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set

struct mwifiex_ie_types_chan_list_param_set::chan_scan_param is treated
as a flexible array, so convert it into one so that it doesn't trip
the array bounds sanitizer[1]. Only a few places were using sizeof()
on the whole struct, so adjust those to follow the calculation pattern
to avoid including the trailing single element.

Examining binary output differences doesn't appear to show any literal
size values changing, though it is obfuscated a bit by the compiler
adjusting register usage and stack spill slots, etc.

Link: https://github.com/KSPP/linux/issues/51
Cc: Brian Norris <briannorris@chromium.org>
Cc: Kalle Valo <kvalo@kernel.org>
Cc: Dmitry Antipov <dmantipov@yandex.ru>
Cc: Johannes Berg <johannes.berg@intel.com>
Cc: zuoqilin <zuoqilin@yulong.com>
Cc: Ruan Jinjie <ruanjinjie@huawei.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/20240207103024.make.423-kees@kernel.org

drivers/net/wireless/marvell/mwifiex/11n.c		diff \| blob \| history
drivers/net/wireless/marvell/mwifiex/fw.h		diff \| blob \| history
drivers/net/wireless/marvell/mwifiex/scan.c		diff \| blob \| history