Kevin Cernekee <cerne...@chromium.org> wrote: > In brcmf_p2p_notify_rx_mgmt_p2p_probereq(), chanspec is assigned before > the length of rxframe is validated. This could lead to uninitialized > data being accessed (but not printed). Since we already have a > perfectly good endian-swapped copy of rxframe->chanspec in ch.chspec, > and ch.chspec is not modified by decchspec(), avoid the extra > assignment and use ch.chspec in the debug print. > > Suggested-by: Mattias Nissler <mniss...@chromium.org> > Signed-off-by: Kevin Cernekee <cerne...@chromium.org> > Reviewed-by: Arend van Spriel <arend.vanspr...@broadcom.com>
2 patches applied to wireless-drivers-next.git, thanks. 73f2c8e933b1 brcmfmac: Avoid possible out-of-bounds read a7c9acc452b2 brcmfmac: Delete redundant length check -- https://patchwork.kernel.org/patch/9954603/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
