4ff496c12e6def805c2e7dcf7dcbeced95279053
1 From: Dan Carpenter <dan.carpenter@oracle.com>
2 Date: Tue, 26 Nov 2019 15:09:39 +0300
3 Subject: [PATCH] mac80211: airtime: Fix an off by one in
4  ieee80211_calc_rx_airtime()
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 This code was copied from mt76 and inherited an off by one bug from
10 there.  The > should be >= so that we don't read one element beyond
11 the end of the array.
12
13 Fixes: db3e1c40cf2f ("mac80211: Import airtime calculation code from mt76")
14 Reported-by: Toke Høiland-Jørgensen <toke@redhat.com>
15 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
16 Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
17 Link: https://lore.kernel.org/r/20191126120910.ftr4t7me3by32aiz@kili.mountain
18 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
19 ---
20
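--- a/net/mac80211/airtime.c
+++ b/net/mac80211/airtime.c
@@ -442,7 +442,7 @@ u32 ieee80211_calc_rx_airtime(struct iee
                         return 0;
 
                 sband = hw->wiphy->bands[status->band];
-               if (!sband || status->rate_idx > sband->n_bitrates)
+               if (!sband || status->rate_idx >= sband->n_bitrates)
                         return 0;
 
                 rate = &sband->bitrates[status->rate_idx];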
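Review bot: The guard in front of `&sband->bitrates[status->rate_idx]` carries no comment stating the invariant that `>` broke, namely that `rate_idx` comes from the per-frame RX status and that `bitrates[]` holds exactly `n_bitrates` entries. I would add `/* rate_idx is reported per frame; valid indices are 0..n_bitrates-1 */` above the `if`, so the bound is not loosened again by a later copy or edit. An out-of-range index is also turned silently into zero airtime by the `return 0;`, so a driver that reports bad rate indices would presumably go unnoticed in airtime accounting. The `status->band` index on the preceding line is probably covered by the check whose `return 0;` is the first context line, but that check and the rest of the function lie outside the hunk and should be confirmed.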