git.baikalelectronics.ru Git - kernel.git/commit

author	Dan Carpenter <error27@gmail.com>
	Wed, 30 Dec 2009 16:10:18 +0000 (18:10 +0200)
committer	Greg Kroah-Hartman <gregkh@suse.de>
	Thu, 4 Mar 2010 00:42:39 +0000 (16:42 -0800)
commit	062af56653911350bc1be62cce34208aa296500f
tree	c650ae893178a341ec3c1b598f1a564bd436ac67	tree \| snapshot
parent	3b79d0b8b6bddd51da4e9af2818cc09e1119ec6c	commit \| diff

Staging: rtl8192su: buffer overflow in r8192U_core.c

There was a buffer overflow in the original code.  rf_path was 2 and it should
have been only 0 or 1.

I don't have the hardware for this, so I can't test it.

Looking at the code, there are two almost identical sections for updating the
hal variables.  The first one was clearly wrong and had the array overflow as
well.  The second one looked correct.  I decided to use the second section as
is except for whitespace changes.

The differences between the two original sections:
1)  The second one had more debug output.
2)  The second one looped over rf_path instead of corrupting data.
3)  The second one had these additional assigments.
                      if (rf_path == 0) {
                              priv->TxPowerLevelOFDM24G[i] = priv->RfTxPwrLevelOfdm1T[rf_path][i] ;
                              priv->TxPowerLevelCCK[i] = priv->RfTxPwrLevelCck[rf_path][i];
                      }

Signed-off-by: Dan Carpenter <error27@gmail.com>
Cc: Jerry chuang <wlanfae@realtek.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>