fe9e4d0c39311d0f97b024147a0d155333f388b5 - linux

commit	fe9e4d0c39311d0f97b024147a0d155333f388b5	[log] [tgz]
author	Ajay.Kathat@microchip.com <Ajay.Kathat@microchip.com>	Fri Aug 29 22:58:43 2025 +0000
committer	Johannes Berg <johannes.berg@intel.com>	Wed Sep 03 09:39:32 2025 +0200
tree	5d28d469aa1ca86a5131cd3f84faf7321cd06516
parent	62b635dcd69c4fde7ce1de4992d71420a37e51e3 [diff]

wifi: wilc1000: avoid buffer overflow in WID string configuration

Fix the following copy overflow warning identified by Smatch checker.

 drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()
        error: '__memcpy()' 'cfg->s[i]->str' copy overflow (512 vs 65537)

This patch introduces size check before accessing the memory buffer.
The checks are base on the WID type of received data from the firmware.
For WID string configuration, the size limit is determined by individual
element size in 'struct wilc_cfg_str_vals' that is maintained in 'len' field
of 'struct wilc_cfg_str'.

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/linux-wireless/aLFbr9Yu9j_TQTey@stanley.mountain
Suggested-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Link: https://patch.msgid.link/20250829225829.5423-1-ajay.kathat@microchip.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

2 files changed

tree: 5d28d469aa1ca86a5131cd3f84faf7321cd06516