mac80211: airtime: Fix an off by one in ieee80211_calc_rx_airtime()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This code was copied from mt76 and inherited an off by one bug from
there. The > should be >= so that we don't read one element beyond
the end of the array.

Fixes: db3e1c40cf2f ("mac80211: Import airtime calculation code from mt76")
Reported-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Link: https://lore.kernel.org/r/20191126120910.ftr4t7me3by32aiz@kili.mountain
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

authored by

Dan Carpenter and committed by

Johannes Berg 6 years ago e548f749 56cb31e1

+1 -1

1 changed file

expand all

net

mac80211

airtime.c

+1 -1

net/mac80211/airtime.c

··· 442 442 return 0; 443 443 444 444 sband = hw->wiphy->bands[status->band]; 445 - if (!sband || status->rate_idx > sband->n_bitrates) 445 + if (!sband || status->rate_idx >= sband->n_bitrates) 446 446 return 0; 447 447 448 448 rate = &sband->bitrates[status->rate_idx];