Netgear-A6210 icon indicating copy to clipboard operation
Netgear-A6210 copied to clipboard
verified publisher icon jurobystricky

Broken array indexing in sta_ioctl.c:831

Open genodeftest opened this issue 8 years ago • 0 comments

From #89:

/home/pi/wifi-src/genodeftest-Netgear-A6210/os/linux/../../os/linux/sta_ioctl.c: In function ‘rt_ioctl_giwscan’:
/home/pi/wifi-src/genodeftest-Netgear-A6210/os/linux/../../os/linux/sta_ioctl.c:831:14: warning: array subscript is below array bounds [-Warray-bounds]
   current_ev = IWE_STREAM_ADD_POINT(info, current_ev, end_buf,&iwe, (char *)pIoctlScan->MainSharedKey[(iwe.u.data.flags & IW_ENCODE_INDEX)-1]);
              ^

This code looks very broken and needs some fixes. Currently, the array index is either ((0x0000 | 0x0800) & 0x00FF) - 1 = (0x0800 & 0x00FF) - 1 = 0x0000 - 1 = -1 or (0x8000 & 0x00FF) - 1 = 0x0000 - 1 = -1 whereas the array has a size of [4][16], so only 0, 1, 2, 3 are allowed.

genodeftest avatar Dec 02 '17 14:12 genodeftest