From: Gustavo A. R. Silva Date: Mon, 30 Apr 2018 12:50:40 +0000 (-0500) Subject: staging: wilc1000: fix infinite loop and out-of-bounds access X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=ad109ba1378679f922f7286e7a9e50e2be778d87;p=openwrt%2Fstaging%2Fblogic.git staging: wilc1000: fix infinite loop and out-of-bounds access If i < slot_id is initially true then it will remain true. Also, as i is being decremented it will end up accessing memory out of bounds. Fix this by incrementing *i* instead of decrementing it. Addresses-Coverity-ID: 1468454 ("Infinite loop") Fixes: faa657641081 ("staging: wilc1000: refactor scan() to free kmalloc memory on failure cases") Signed-off-by: Gustavo A. R. Silva Reviewed-by: Ajay Singh Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c index 92322d6f061d..d6401a04fe3f 100644 --- a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c +++ b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c @@ -608,7 +608,7 @@ wilc_wfi_cfg_alloc_fill_ssid(struct cfg80211_scan_request *request, out_free: - for (i = 0; i < slot_id ; i--) + for (i = 0; i < slot_id; i++) kfree(ntwk->net_info[i].ssid); kfree(ntwk->net_info);