authorMing Yen Hsieh <mingyen.hsieh@mediatek.com>2024-08-19 04:53:33 +0300
committerFelix Fietkau <nbd@nbd.name>2024-09-06 15:23:08 +0300
commit9679ca7326e52282cc923c4d71d81c999cb6cd55 (patch)
tree29fb476432c2e3ccc4138e5431edc31e2f323f13 /drivers/net/wireless
parent5acdc432f832d810e0d638164c393b877291d9b4 (diff)
wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc
Due to the lack of checks on the clc array, if the firmware supports more clc configuration, it will cause illegal memory access. Cc: stable@vger.kernel.org Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh@mediatek.com> Link: https://patch.msgid.link/20240819015334.14580-1-mingyen.hsieh@mediatek.com Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'drivers/net/wireless')
-rw-r--r--drivers/net/wireless/mediatek/mt76/mt7925/mcu.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c
index e07b43dd8638..748ea6adbc6b 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c
@@ -638,6 +638,9 @@ static int mt7925_load_clc(struct mt792x_dev *dev, const char *fw_name)
for (offset = 0; offset < len; offset += le32_to_cpu(clc->len)) {
clc = (const struct mt7925_clc *)(clc_base + offset);
+ if (clc->idx > ARRAY_SIZE(phy->clc))
+ break;
+
/* do not init buf again if chip reset triggered */
if (phy->clc[clc->idx])
continue;
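Review bot: The added guard `if (clc->idx > ARRAY_SIZE(phy->clc))` is off by one: an index equal to `ARRAY_SIZE(phy->clc)` passes the check, and the `phy->clc[clc->idx]` test a few lines below then reads one element past the end of the array. Valid indices run from 0 to `ARRAY_SIZE(phy->clc) - 1`, so the comparison should be `if (clc->idx >= ARRAY_SIZE(phy->clc))`. Because `clc->idx` is read straight from the firmware blob, it should be treated as untrusted input, and the remaining out-of-bounds slot is still reachable from a malformed or newer CLC image. The loop also steps by `le32_to_cpu(clc->len)` from the same blob; whether a zero or oversized length is rejected cannot be seen here, since the body of mt7925_load_clc continues outside the hunk.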