From 561eb96ef38b11a34cc93a1b85c89d7a22029eaa Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Tue, 13 Dec 2011 14:51:58 +0200 Subject: [PATCH] ath6kl: fix reading of FW IE capabilities For some strange reason I used ALIGN() to calculate index to the buffer. That is totally bogus and wouldn't work when it tried to read the second bit. Fix it by removing the ALIGN() altogether. Also check that ie_len is not too short. Signed-off-by: Kalle Valo --- drivers/net/wireless/ath/ath6kl/init.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath6kl/init.c b/drivers/net/wireless/ath/ath6kl/init.c index c97f83ca0ff27..5753f00a0c0db 100644 --- a/drivers/net/wireless/ath/ath6kl/init.c +++ b/drivers/net/wireless/ath/ath6kl/init.c @@ -913,12 +913,15 @@ static int ath6kl_fetch_fw_api2(struct ath6kl *ar) ar->hw.reserved_ram_size); break; case ATH6KL_FW_IE_CAPABILITIES: + if (ie_len < DIV_ROUND_UP(ATH6KL_FW_CAPABILITY_MAX, 8)) + break; + ath6kl_dbg(ATH6KL_DBG_BOOT, "found firmware capabilities ie (%zd B)\n", ie_len); for (i = 0; i < ATH6KL_FW_CAPABILITY_MAX; i++) { - index = ALIGN(i, 8) / 8; + index = i / 8; bit = i % 8; if (data[index] & (1 << bit)) -- 2.39.5