On 11/4/2024 8:10 AM, Aleksei Vetrov wrote:
Hello everyone,
On Tue, Oct 29, 2024 at 01:22:11PM +0000, Aleksei Vetrov wrote:
The channels array in the cfg80211_scan_request has a __counted_by attribute attached to it, which points to the n_channels variable. This attribute is used in bounds checking, and if it is not set before the array is filled, then the bounds sanitizer will issue a warning or a kernel panic if CONFIG_UBSAN_TRAP is set.
This patch sets the size of allocated memory as the initial value for n_channels. It is updated with the actual number of added elements after the array is filled.
Fixes: aa4ec06c455d ("wifi: cfg80211: use __counted_by where appropriate")
Cc: stable@vger.kernel.org
Signed-off-by: Aleksei Vetrov vvvvvv@google.com
Changes in v2:
- Added Fixes tag and added stable to CC
- Link to v1: https://lore.kernel.org/r/20241028-nl80211_parse_sched_scan-bounds-checker-f...
I would really appreciate it if someone takes a look at this single-line patch. It looks like v2 of this patch has slipped through the cracks...
It has not slipped through the cracks, it is being tracked in patchwork: https://patchwork.kernel.org/project/linux-wireless/patch/20241029-nl80211_p...
The wireless maintainers have a lot of work and it can take weeks to process new patches.
Have patience, /jeff
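
The ordering problem described in the commit message, as an added example that is not code from the patch or from the kernel. The names `scan_req`, `store_checked` and `fill_request` are hypothetical, the zeroed allocation is an assumption, and the bounds check the sanitizer derives from `__counted_by` is written out by hand so the effect is visible without a sanitizer build.

```c
#include <stdlib.h>

/* counted_by exists in recent clang/GCC; expands to nothing elsewhere. */
#if defined(__has_attribute)
# if __has_attribute(counted_by)
#  define COUNTED_BY(m) __attribute__((counted_by(m)))
# endif
#endif
#ifndef COUNTED_BY
# define COUNTED_BY(m)
#endif

/* Hypothetical stand-in for a request with a counted flexible array. */
struct scan_req {
    unsigned int n_channels;
    int channels[] COUNTED_BY(n_channels);
};

/* The check a bounds sanitizer makes on channels[i], done by hand. */
static int store_checked(struct scan_req *r, unsigned int i, int v)
{
    if (i >= r->n_channels)
        return -1;   /* sanitizer would warn here, or trap if so configured */
    r->channels[i] = v;
    return 0;
}

/* Copies the non-negative candidates (constructed filter) into a request.
 * set_count_first == 0 fills the array while the counter is still zero.
 * Returns the number of rejected stores; *n_out is the final count. */
int fill_request(const int *cand, unsigned int n_cand, int set_count_first,
                 unsigned int *n_out)
{
    /* Assumption: zeroed allocation, so n_channels starts at 0. */
    struct scan_req *r = calloc(1, sizeof(*r) + n_cand * sizeof(int));
    unsigned int i, used = 0;
    int rejected = 0;

    if (!r)
        return -1;
    if (set_count_first)
        r->n_channels = n_cand;   /* allocated size as the initial bound */
    for (i = 0; i < n_cand; i++) {
        if (cand[i] < 0)
            continue;
        if (store_checked(r, used, cand[i]) == 0)
            used++;
        else
            rejected++;
    }
    r->n_channels = used;         /* actual number of elements added */
    *n_out = used;
    free(r);
    return rejected;
}
```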