From: Kees Cook Date: Thu, 17 Jun 2021 17:13:17 +0000 (-0700) Subject: rtlwifi: rtl8192de: Fully initialize curvecount_val X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=0d5e743db480642818401fb34bbc3f0da28abdfb;p=linux.git rtlwifi: rtl8192de: Fully initialize curvecount_val In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring array fields. The size argument to memset() is bytes, but the array element size of curvecount_val is u32, so "CV_CURVE_CNT * 2" was only 1/4th of the contents of curvecount_val. Adjust memset() to wipe full buffer size. Signed-off-by: Kees Cook Reviewed-by: Larry Finger Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20210617171317.3410722-1-keescook@chromium.org --- diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c index 68ec009ea1578..76dd881ef9bbb 100644 --- a/drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c +++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c @@ -2574,7 +2574,7 @@ static void _rtl92d_phy_lc_calibrate_sw(struct ieee80211_hw *hw, bool is2t) RTPRINT(rtlpriv, FINIT, INIT_IQK, "path-B / 2.4G LCK\n"); } - memset(&curvecount_val[0], 0, CV_CURVE_CNT * 2); + memset(curvecount_val, 0, sizeof(curvecount_val)); /* Set LC calibration off */ rtl_set_rfreg(hw, (enum radio_path)index, RF_CHNLBW, 0x08000, 0x0);