drivers/net/wireless/ath/ath9k/hif_usb.c +135 hif_usb_mgmt_cb(6) warn:
variable dereferenced before check 'cmd'
drivers/net/wireless/ath/ath9k/btcoex.c +77 ath9k_hw_init_btcoex_hw(38)
error: buffer overflow 'ah->hw_gen_timers.gen_timer_index' 32 <=
2009813776
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
.bt_first_slot_time = 5,
.bt_hold_rx_clear = true,
};
- u32 i;
+ u32 i, idx;
bool rxclear_polarity = ath_bt_config.bt_rxclear_polarity;
if (AR_SREV_9300_20_OR_LATER(ah))
SM(ATH_BTCOEX_BMISS_THRESH, AR_BT_BCN_MISS_THRESH) |
AR_BT_DISABLE_BT_ANT;
- for (i = 0; i < 32; i++)
- ah->hw_gen_timers.gen_timer_index[(debruijn32 << i) >> 27] = i;
+ for (i = 0; i < 32; i++) {
+ idx = (debruijn32 << i) >> 27;
+ ah->hw_gen_timers.gen_timer_index[idx] = i;
+ }
}
EXPORT_SYMBOL(ath9k_hw_init_btcoex_hw);
static void hif_usb_mgmt_cb(struct urb *urb)
{
struct cmd_buf *cmd = (struct cmd_buf *)urb->context;
- struct hif_device_usb *hif_dev = cmd->hif_dev;
+ struct hif_device_usb *hif_dev;
bool txok = true;
if (!cmd || !cmd->skb || !cmd->hif_dev)
return;
+ hif_dev = cmd->hif_dev;
+
switch (urb->status) {
case 0:
break;
git.openpandora.org / pandora-kernel.git / commitdiff