From: Brian Norris Date: Wed, 10 Dec 2014 09:39:18 +0000 (-0800) Subject: brcmsmac: don't leak kernel memory via printk() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=1d240d370290445e08a35917700776db60ffe831;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git brcmsmac: don't leak kernel memory via printk() Debug code prints the fifo name via custom dev_warn() wrappers. The fifo_names array is only non-zero when debugging is manually enabled, which is all well and good. However, it's *not* good that this array uses zero-length arrays in the non-debug case, and so it doesn't actually have any memory allocated to it. This means that as far as we know, fifo_names[i] actually points to garbage memory. I've seen this in my log: [ 4601.205511] brcmsmac bcma0:1: wl0: brcms_c_d11hdrs_mac80211: �GeL txop exceeded phylen 137/256 dur 1602/1504 So let's give this array space enough to fill it with a NULL byte. Signed-off-by: Brian Norris Cc: Brett Rudley Cc: Arend van Spriel Cc: "Franky (Zhenhui) Lin" Cc: Hante Meuleman Cc: "John W. Linville" Cc: linux-wireless@vger.kernel.org Cc: brcm80211-dev-list@broadcom.com Cc: netdev@vger.kernel.org Acked-by: Arend van Spriel Signed-off-by: John W. Linville --- diff --git a/drivers/net/wireless/brcm80211/brcmsmac/main.c b/drivers/net/wireless/brcm80211/brcmsmac/main.c index a104d7ac3796..eb8584a9c49a 100644 --- a/drivers/net/wireless/brcm80211/brcmsmac/main.c +++ b/drivers/net/wireless/brcm80211/brcmsmac/main.c @@ -316,7 +316,7 @@ static const u16 xmtfifo_sz[][NFIFO] = { static const char * const fifo_names[] = { "AC_BK", "AC_BE", "AC_VI", "AC_VO", "BCMC", "ATIM" }; #else -static const char fifo_names[6][0]; +static const char fifo_names[6][1]; #endif #ifdef DEBUG