51901 – [TRIVIAL]mac80211/cfg.c:1995: possible bad call to memcpy ?

Bug 51901 - [TRIVIAL]mac80211/cfg.c:1995: possible bad call to memcpy ?

Summary: [TRIVIAL]mac80211/cfg.c:1995: possible bad call to memcpy ?

Status:	RESOLVED CODE_FIX

Alias:	None

Product:	Networking
Classification:	Unclassified
Component:	Wireless (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	networking_wireless@kernel-bugs.osdl.org

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-12-22 16:28 UTC by David Binderman
Modified:	2013-11-20 14:40 UTC (History)
CC List:	1 user (show)

See Also:
Kernel Version:	3.8-rc1
Subsystem:
Regression:	Yes
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Binderman 2012-12-22 16:28:46 UTC

The source code is 

static int ieee80211_set_mcast_rate(struct wiphy *wiphy, struct net_device *dev,
                    int rate[IEEE80211_NUM_BANDS])
{
    struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);

    memcpy(sdata->vif.bss_conf.mcast_rate, rate, sizeof(rate));

The compiler says

cfg.c: In function ‘int ieee80211_set_mcast_rate(wiphy*, net_device*, int*)’:
cfg.c:1995: warning: argument to ‘sizeof’ in ‘void* memcpy(void*, const void*, size_t)’ call is the same expression as the source; did you mean to dereference it? [-Wsizeof-pointer-memaccess]
     memcpy(rate2, rate, sizeof(rate));
                               ^

Here is static analyser cppcheck also finding the same problem

[linux-3.8-rc1/net/mac80211/cfg.c:1995]: (error) Using 'sizeof' on array given as function argument returns size of a pointer.


Suggest code rework.

Note You need to log in before you can comment on or make changes to this bug.