
Kernel 6.7-6.11 build support and other fixes

Open gglluukk opened this issue 1 year ago • 1 comment

According to issue https://github.com/aircrack-ng/rtl8188eus/issues/273:

[ +0.000036] UBSAN: shift-out-of-bounds in /root/tmp/rtl8188eus/hal/phydm/phydm_phystatus.c:1751:67
[ +0.000041] shift exponent 63 is too large for 32-bit type 'int'

where at hal/phydm/phydm_phystatus.c:1750-1751 the following code is found:

i = 63;
sta->rssi_stat.ofdm_pkt_cnt -= (u8)((sta->rssi_stat.packet_map >> i) & BIT(0));

trying to fix it

sta->rssi_stat.packet_map is to be split as follows:

sta is struct cmn_sta_info defined in include/cmn_info/rtw_sta_info.h:188

struct cmn_sta_info {
        u16     dm_ctrl;
        enum channel_width      bw_mode;        /*max bandwidth*/
        u8      mac_id;
        u8      mac_addr[6];
        u16     aid;
        enum rf_type mimo_type;         /*sta XTXR*/
        struct rssi_info        rssi_stat;
        struct ra_sta_info      ra_info;
        u16     tx_moving_average_tp;   /*tx average MBps*/
        u16     rx_moving_average_tp;   /*rx average MBps*/
        u8      stbc_en:2;              /*Driver : really use stbc!!*/
        u8      ldpc_en:2;
        enum wireless_set       support_wireless_set;
#ifdef CONFIG_BEAMFORMING
        struct bf_cmn_info      bf_info;
#endif
        u8      sm_ps:2;
        struct dtp_info dtp_stat;       /*Dynamic Tx power offset*/
        /*u8            pw2cca_over_TH_cnt;*/
        /*u8            total_pw2cca_cnt;*/
};

rssi_stat is struct rssi_info defined in include/cmn_info/rtw_sta_info.h:148

struct rssi_info {
        s8              rssi;
        s8              rssi_cck;
        s8              rssi_ofdm;
        u8              packet_map;
        u8              ofdm_pkt_cnt;
        u8              cck_pkt_cnt;
        u16             cck_sum_power;
        u8              is_send_rssi;
        u8              valid_bit;
        s16             rssi_acc;       /*accumulate RSSI for per packet MA sum*/
};

packet_map is u8 (short unsigned int) with a size of 8 bits, that's why the shift can't be more than 8. The logic of the code is a shift up to the last bit of packet_map and then a bitwise AND with BIT(0); that's why the shift is to be equal to 7.

gglluukk avatar Nov 11 '23 16:11 gglluukk
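The following is an added example, not code from the rtl8188eus driver or from the reporter. It models the `packet_map` / `ofdm_pkt_cnt` bookkeeping shown in the issue as an 8-bit sliding window (the meaning of each bit, 1 = OFDM and 0 = CCK, is an assumption for the model) and uses the in-range shift amount of 7 that the issue proposes. `shift_in_range` is the check UBSAN reports as failing: `packet_map` is promoted to a 32-bit `int` before the shift, so an exponent of 63 is undefined behaviour regardless of what the top bit was meant to be. The struct, function names and the packet sequence are all constructed for this example.

```c
/* Added example modelling the issue's packet_map bookkeeping; not driver code. */
#include <stdint.h>
#include <stdio.h>

#define BIT(x) (1U << (x))
#define PACKET_MAP_BITS 8  /* packet_map is u8: the only valid shift amounts are 0..7 */

/* Hypothetical stand-in for the driver's struct rssi_info fields used in the issue. */
struct rssi_info_model {
    uint8_t packet_map;   /* one bit per recent packet: 1 = OFDM, 0 = CCK (assumed) */
    uint8_t ofdm_pkt_cnt; /* number of OFDM packets currently inside the window */
};

/* 1 if shifting a value of 'width' bits by 'shift' is in range, 0 otherwise.
 * UBSAN's "shift exponent 63 is too large for 32-bit type 'int'" is exactly
 * this check failing after the u8 is promoted to int. */
int shift_in_range(unsigned shift, unsigned width) {
    return shift < width;
}

/* The bit about to fall out of the window (the oldest packet), using the
 * shift amount the issue proposes: PACKET_MAP_BITS - 1 == 7, never 63. */
uint8_t oldest_bit(uint8_t packet_map) {
    const unsigned i = PACKET_MAP_BITS - 1;
    return (uint8_t)((packet_map >> i) & BIT(0));
}

/* Record one packet: subtract the contribution of the bit leaving the window,
 * then shift the new packet's bit in and add its contribution. */
void record_packet(struct rssi_info_model *s, int is_ofdm) {
    s->ofdm_pkt_cnt -= oldest_bit(s->packet_map);
    s->packet_map = (uint8_t)((s->packet_map << 1) | (is_ofdm ? 1U : 0U));
    s->ofdm_pkt_cnt += is_ofdm ? 1 : 0;
}

/* Population count of the window, used to verify ofdm_pkt_cnt stays consistent. */
uint8_t popcount8(uint8_t v) {
    uint8_t n = 0;
    while (v) { n += v & 1U; v >>= 1; }
    return n;
}

/* Feed a constructed sequence of 12 packets (more than the 8-bit window holds)
 * so that bits actually fall out of the window, and return the final state. */
struct rssi_info_model run_sample(void) {
    struct rssi_info_model s = {0, 0};
    const int seq[12] = {1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1}; /* constructed input */
    for (int k = 0; k < 12; k++)
        record_packet(&s, seq[k]);
    return s;
}

int main(void) {
    struct rssi_info_model s = run_sample();
    printf("packet_map=0x%02x ofdm_pkt_cnt=%u popcount=%u\n",
           s.packet_map, s.ofdm_pkt_cnt, popcount8(s.packet_map));
    printf("shift 63 in range for an 8-bit window: %d\n",
           shift_in_range(63, PACKET_MAP_BITS));
    printf("shift 7 in range for an 8-bit window: %d\n",
           shift_in_range(7, PACKET_MAP_BITS));
    return 0;
}
```

After the 12 constructed packets the window holds the last eight (1,1,0,0,1,1,1,1), so `packet_map` is 0xCF and `ofdm_pkt_cnt` equals its population count, 6; with the shift amount fixed at 7 the counter never drifts as old bits leave the window.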