Message ID | 20191126120910.ftr4t7me3by32aiz@kili.mountain (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | mac80211: airtime: Fix an off by one in ieee80211_calc_rx_airtime() | expand |
Dan Carpenter <dan.carpenter@oracle.com> writes: > This code was copied from mt76 and inherited an off by one bug from > there. The > should be >= so that we don't read one element beyond > the end of the array. > > Fixes: db3e1c40cf2f ("mac80211: Import airtime calculation code from mt76") > Reported-by: Toke Høiland-Jørgensen <toke@redhat.com> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > --- Thanks! Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
diff --git a/net/mac80211/airtime.c b/net/mac80211/airtime.c index 63cb0028b02d..9fc2968856c0 100644 --- a/net/mac80211/airtime.c +++ b/net/mac80211/airtime.c @@ -442,7 +442,7 @@ u32 ieee80211_calc_rx_airtime(struct ieee80211_hw *hw, return 0; sband = hw->wiphy->bands[status->band]; - if (!sband || status->rate_idx > sband->n_bitrates) + if (!sband || status->rate_idx >= sband->n_bitrates) return 0; rate = &sband->bitrates[status->rate_idx];
This code was copied from mt76 and inherited an off by one bug from there. The > should be >= so that we don't read one element beyond the end of the array. Fixes: db3e1c40cf2f ("mac80211: Import airtime calculation code from mt76") Reported-by: Toke Høiland-Jørgensen <toke@redhat.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- net/mac80211/airtime.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)