On Thu, 2017-03-23 at 13:40 +0300, Dan Carpenter wrote:
> This is a static analysis fix. The warning is:
>
> drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c:912
> iwl_mvm_fw_dbg_collect()
> warn: integer overflows 'sizeof(*desc) + len'
>
> I guess this code is supposed to take a NUL character, but if we write
> zero bytes then it tries to write -1 characters and crashes.
>
> Fixes: c91b865cb14d ("iwlwifi: mvm: support description for user triggered fw
> dbg collection")
> Signed-off-by: Dan Carpenter <[email protected]>
>
> diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
> b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
> index a260cd503200..077bfd8f4c0c 100644
> --- a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
> +++ b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
> @@ -1056,6 +1056,8 @@ static ssize_t iwl_dbgfs_fw_dbg_collect_write(struct
> iwl_mvm *mvm,
>
> if (ret)
> return ret;
> + if (count == 0)
> + return 0;
>
> iwl_mvm_fw_dbg_collect(mvm, FW_DBG_TRIGGER_USER, buf,
> (count - 1), NULL);
Thanks! I'm going to push this via our internal tree.
--
Cheers,
Luca.
