Re: [PATCH AUTOSEL 5.10 01/34] wifi: rtw88: phy: fix warning of possible buffer overflow
From: Pavel Machek
Date: Tue Oct 18 2022 - 05:39:40 EST
Hi!
> [ Upstream commit 86331c7e0cd819bf0c1d0dcf895e0c90b0aa9a6f ]
>
> reported by smatch
>
> phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]'
> 8 <= 8 (assuming for loop doesn't break)
>
> However, it seems to be a false alarm because we prevent it originally via
> if (linear >= db_invert_table[11][7])
> return 96; /* maximum 96 dB */
>
> Still, we adjust the code to be more readable and avoid smatch warning.
There's no bug, it is just smatch that is confused. We should not take
this to 5.10.
Best regards,
Pavel
> drivers/net/wireless/realtek/rtw88/phy.c | 21 ++++++++-------------
> 1 file changed, 8 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c
> index af8b703d11d4..0fc5a893c395 100644
> --- a/drivers/net/wireless/realtek/rtw88/phy.c
> +++ b/drivers/net/wireless/realtek/rtw88/phy.c
> @@ -604,23 +604,18 @@ static u8 rtw_phy_linear_2_db(u64 linear)
> u8 j;
> u32 dB;
>
> - if (linear >= db_invert_table[11][7])
> - return 96; /* maximum 96 dB */
> -
> for (i = 0; i < 12; i++) {
> - if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][7])
> - break;
> - else if (i > 2 && linear <= db_invert_table[i][7])
> - break;
> + for (j = 0; j < 8; j++) {
> + if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
> + goto cnt;
> + else if (i > 2 && linear <= db_invert_table[i][j])
> + goto cnt;
> + }
> }
>
> - for (j = 0; j < 8; j++) {
> - if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
> - break;
> - else if (i > 2 && linear <= db_invert_table[i][j])
> - break;
> - }
> + return 96; /* maximum 96 dB */
>
> +cnt:
> if (j == 0 && i == 0)
> goto end;
>
> --
> 2.35.1
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Attachment:
signature.asc
Description: PGP signature