On Sat, 2018-10-13 at 09:46 +0300, Luca Coelho wrote:
From: Luca Coelho <luciano.coelho@intel.com>
The rs_rate_from_ucode_rate() function may return -EINVAL if the rate is invalid, but none of the callsites check for the error, potentially making us access arrays with index IWL_RATE_INVALID, which is larger than the arrays, causing an out-of-bounds access. This will trigger KASAN warnings, such as the one reported in the bugzilla issue mentioned below.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=200659
Cc: stable@vger.kernel.org
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Kalle,
Just for the record, as we discussed on IRC, please take this patch directly to wireless-drivers-next for 4.20 so I don't need to send a pull-req just for it.
--
Cheers,
Luca.
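The bug class described in the commit message above, as an added example that is not part of the original mail and is not the iwlwifi driver's code. It is a simplified model with hypothetical names (`demo_rate_from_code`, `DEMO_RATE_INVALID`, the tables and their values are constructed) showing a call site that ignores the decoder's error next to one that checks it.

```c
#include <errno.h>
#include <stdint.h>

/* Hypothetical rate table. DEMO_RATE_INVALID equals the table size,
 * so used as an index it points one element past the end. */
enum { DEMO_RATE_COUNT = 4, DEMO_RATE_INVALID = DEMO_RATE_COUNT };

struct demo_rate { int index; };

/* Constructed sample data: hardware rate codes and their speeds. */
static const uint8_t demo_hw_codes[DEMO_RATE_COUNT] = { 0x0a, 0x14, 0x37, 0x6e };
static const int demo_kbps[DEMO_RATE_COUNT] = { 1000, 2000, 5500, 11000 };

/* Decode a hardware rate code into a table index. For an unknown code
 * the index is left at DEMO_RATE_INVALID and -EINVAL is returned. */
int demo_rate_from_code(uint8_t code, struct demo_rate *rate)
{
    rate->index = DEMO_RATE_INVALID;
    for (int i = 0; i < DEMO_RATE_COUNT; i++) {
        if (demo_hw_codes[i] == code) {
            rate->index = i;
            return 0;
        }
    }
    return -EINVAL;
}

/* Buggy call site: the return value is ignored, so an unknown code
 * reads demo_kbps[DEMO_RATE_COUNT], an out-of-bounds access. */
int demo_kbps_unchecked(uint8_t code)
{
    struct demo_rate rate;

    demo_rate_from_code(code, &rate);
    return demo_kbps[rate.index];
}

/* Checked call site: propagate the error before touching the table. */
int demo_kbps_checked(uint8_t code, int *kbps)
{
    struct demo_rate rate;
    int ret = demo_rate_from_code(code, &rate);

    if (ret)
        return ret;
    *kbps = demo_kbps[rate.index];
    return 0;
}
```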