mirrors/linux
2
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-13 19:59:34 -04:00
Code Issues Packages Projects Releases Wiki Activity

wifi: rtw89: fw: cast mfw_hdr pointer from address of zeroth byte of firmware->data

Browse Source 
The firmware->size is validated before using firmware->data, but Coverity
still reports:
  Downcasting "firmware->data" from "u8 const *" to "struct rtw89_mfw_hdr"
  implies that the data that this pointer points to is tainted."

Using &firmware->data[0] to avoid the warning. No change logic at all.

Addresses-Coverity-ID: 1494046 ("Untrusted loop bound")
Addresses-Coverity-ID: 1544385 ("Untrusted array index read")

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20250325025424.14079-1-pkshih@realtek.com
This commit is contained in:
Ping-Ke Shih
2025-03-25 10:54:24 +08:00
parent 81433a8a4f
commit bc1265b5c9
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/net/wireless/realtek/rtw89/fw.c
View File

@@ -554,7 +554,7 @@ const struct rtw89_mfw_hdr *rtw89_mfw_get_hdr_ptr(struct rtw89_dev *rtwdev,
if (sizeof(*mfw_hdr) > firmware->size)
return NULL;
mfw_hdr = (const struct rtw89_mfw_hdr *)firmware->data;
mfw_hdr = (const struct rtw89_mfw_hdr *)&firmware->data[0];
if (mfw_hdr->sig != RTW89_MFW_SIG)
return NULL;