staging: wilc1000: fix infinite loop and out-of-bounds access

If i < slot_id is initially true then it will remain true. Also, as i is being decremented it will end up accessing memory out of bounds. Fix this by incrementing *i* instead of decrementing it. Addresses-Coverity-ID: 1468454 ("Infinite loop") Fixes: faa65764 ("staging: wilc1000: refactor scan() to free kmalloc memory on failure cases") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Reviewed-by: Ajay Singh <ajay.kathat@microchip.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

staging: wilc1000: fix infinite loop and out-of-bounds access
If i < slot_id is initially true then it will remain true. Also, as i is being decremented it will end up accessing memory out of bounds. Fix this by incrementing *i* instead of decrementing it. Addresses-Coverity-ID: 1468454 ("Infinite loop") Fixes: faa65764 ("staging: wilc1000: refactor scan() to free kmalloc memory on failure cases") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Reviewed-by: Ajay Singh <ajay.kathat@microchip.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ad109ba1 · Gustavo A. R. Silva · Greg Kroah-Hartman · ba36d10e · ad109ba1
Commit ad109ba1 authored Apr 30, 2018 by Gustavo A. R. Silva Committed by Greg Kroah-Hartman May 03, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/staging/wilc1000/wilc_wfi_cfgoperations.c drivers/staging/wilc1000/wilc_wfi_cfgoperations.c +1 -1

No files found.
--- a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
+++ b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
@@ -608,7 +608,7 @@ wilc_wfi_cfg_alloc_fill_ssid(struct cfg80211_scan_request *request,

 out_free:

-	for (i = 0; i < slot_id ; i--)
+	for (i = 0; i < slot_id; i++)
 		kfree(ntwk->net_info[i].ssid);

 	kfree(ntwk->net_info);