git.samba.org / sfrench / cifs-2.6.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 79ba106)
wifi: rtw88: phy: fix warning of possible buffer overflow
authorZong-Zhe Yang <kevin_yang@realtek.com>
Wed, 27 Jul 2022 06:50:03 +0000 (14:50 +0800)
committerKalle Valo <kvalo@kernel.org>
Tue, 9 Aug 2022 05:48:08 +0000 (08:48 +0300)
reported by smatch

phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]'
8 <= 8 (assuming for loop doesn't break)

However, it seems to be a false alarm because we prevent it originally via
       if (linear >= db_invert_table[11][7])
               return 96; /* maximum 96 dB */

Still, we adjust the code to be more readable and avoid smatch warning.

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220727065003.28340-5-pkshih@realtek.com
drivers/net/wireless/realtek/rtw88/phy.c patch | blob | history

diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c
index 8982e0c98dac9f788edaf0096c69cd5b97e35656..da1efec0aa85c4d2ecf4f7a178815a05ddd9edef 100644 (file)
--- a/drivers/net/wireless/realtek/rtw88/phy.c
+++ b/drivers/net/wireless/realtek/rtw88/phy.c
@@ -816,23 +816,18 @@ static u8 rtw_phy_linear_2_db(u64 linear)
        u8 j;
        u32 dB;
 
-       if (linear >= db_invert_table[11][7])
-               return 96; /* maximum 96 dB */
-
        for (i = 0; i < 12; i++) {
-               if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][7])
-                       break;
-               else if (i > 2 && linear <= db_invert_table[i][7])
-                       break;
+               for (j = 0; j < 8; j++) {
+                       if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
+                               goto cnt;
+                       else if (i > 2 && linear <= db_invert_table[i][j])
+                               goto cnt;
+               }
        }
 
-       for (j = 0; j < 8; j++) {
-               if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
-                       break;
-               else if (i > 2 && linear <= db_invert_table[i][j])
-                       break;
-       }
+       return 96; /* maximum 96 dB */
 
+cnt:
        if (j == 0 && i == 0)
                goto end;
 
Unnamed repository; edit this file 'description' to name the repository.