From: Kalle Valo <kvalo@qca.qualcomm.com>
Date: Sun, 10 Mar 2013 05:51:29 +0000 (+0200)
Subject: ath6kl: add an extra band check to ath6kl_wmi_beginscan_cmd()
X-Git-Tag: firefly_0821_release~3680^2~478^2~21^2^2~266^2~4
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=99089ab756a26c8f1be5942178bf9b3fa9ae54d6;p=firefly-linux-kernel-4.4.55.git

ath6kl: add an extra band check to ath6kl_wmi_beginscan_cmd()

Dan reported that smatch found a possible issue in ath6kl_wmi_beginscan_cmd()
where we might access sc->supp_rates beyond the end. It shouldn't happen as
ar->wiphy->bands always have just the first two bands set, but add an extra
check just to be sure.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
---

diff --git a/drivers/net/wireless/ath/ath6kl/wmi.c b/drivers/net/wireless/ath/ath6kl/wmi.c
index 31a308103f4c..87aefb4c4c23 100644
--- a/drivers/net/wireless/ath/ath6kl/wmi.c
+++ b/drivers/net/wireless/ath/ath6kl/wmi.c
@@ -2029,6 +2029,9 @@ int ath6kl_wmi_beginscan_cmd(struct wmi *wmi, u8 if_idx,
 		if (!sband)
 			continue;
 
+		if (WARN_ON(band >= ATH6KL_NUM_BANDS))
+			break;
+
 		ratemask = rates[band];
 		supp_rates = sc->supp_rates[band].rates;
 		num_rates = 0;
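Review bot: the new bound at `if (WARN_ON(band >= ATH6KL_NUM_BANDS))` is justified in the commit message only for `sc->supp_rates`, but the very next line indexes `rates[band]` with the same value. Please confirm that `rates` has at least ATH6KL_NUM_BANDS entries, or say so in a short comment above the check, so the guard is known to cover both reads. Two smaller points: `break` is only the right exit if the enclosing loop walks `band` in ascending order (not visible in this hunk); otherwise `continue` is the safer choice. Since the message says the condition reflects a static property of `ar->wiphy->bands`, a violation would trigger on every scan request, so `WARN_ON_ONCE` would avoid flooding the log. A one-line comment explaining why the check exists (smatch report, should never trigger) would also help future readers.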