1. Patchew
  2. linux
  3. View series

[PATCH v2] staging: rtl8723bs: fix fortify warnings by using struct_group

yingche posted 1 patch 1 month ago 
drivers/staging/rtl8723bs/core/rtw_security.c | 2 +-
drivers/staging/rtl8723bs/core/rtw_xmit.c     | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
[PATCH v2] staging: rtl8723bs: fix fortify warnings by using struct_group
Posted by yingche 1 month ago 
Fix fortify_memcpy_chk warnings in rtw_BIP_verify() and
rtw_mgmt_xmitframe_coalesce() functions by using struct_group
to access consecutive address fields.

Changed memcpy calls to use &hdr->addrs instead of hdr->addr1
when copying 18 bytes (addr1 + addr2 + addr3).

This resolves 'detected read beyond size of field' warnings
by using the proper struct_group mechanism as suggested by
the compiler.

Signed-off-by: yingche <zxcv2569763104@gmail.com>

---
v2: Use sizeof() instead of magic number 18 (Dan Carpenter)
---
 drivers/staging/rtl8723bs/core/rtw_security.c | 2 +-
 drivers/staging/rtl8723bs/core/rtw_xmit.c     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
index 8367fd15c6b1..3d99d045f4b6 100644
--- a/drivers/staging/rtl8723bs/core/rtw_security.c
+++ b/drivers/staging/rtl8723bs/core/rtw_security.c
@@ -1363,7 +1363,7 @@ u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe)
 		ClearPwrMgt(BIP_AAD);
 		ClearMData(BIP_AAD);
 		/* conscruct AAD, copy address 1 to address 3 */
-		memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
+		memcpy(BIP_AAD + 2, &pwlanhdr->addrs, sizeof(pwlanhdr->addrs));
 
 		if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey
 			, BIP_AAD, ori_len, mic))
diff --git a/drivers/staging/rtl8723bs/core/rtw_xmit.c b/drivers/staging/rtl8723bs/core/rtw_xmit.c
index 8c6841f078b4..21690857fd62 100644
--- a/drivers/staging/rtl8723bs/core/rtw_xmit.c
+++ b/drivers/staging/rtl8723bs/core/rtw_xmit.c
@@ -1209,7 +1209,7 @@ s32 rtw_mgmt_xmitframe_coalesce(struct adapter *padapter, struct sk_buff *pkt, s
 		ClearPwrMgt(BIP_AAD);
 		ClearMData(BIP_AAD);
 		/* conscruct AAD, copy address 1 to address 3 */
-		memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
+		memcpy(BIP_AAD + 2, &pwlanhdr->addrs, sizeof(pwlanhdr->addrs));
 		/* copy management fram body */
 		memcpy(BIP_AAD+BIP_AAD_SIZE, MGMT_body, frame_body_len);
 		/* calculate mic */
-- 
2.43.0
Re: [PATCH v2] staging: rtl8723bs: fix fortify warnings by using struct_group
Posted by Dan Carpenter 1 month ago 
On Fri, Aug 29, 2025 at 12:09:06PM +0800, yingche wrote:
> Fix fortify_memcpy_chk warnings in rtw_BIP_verify() and
> rtw_mgmt_xmitframe_coalesce() functions by using struct_group
> to access consecutive address fields.
> 
> Changed memcpy calls to use &hdr->addrs instead of hdr->addr1
> when copying 18 bytes (addr1 + addr2 + addr3).
> 
> This resolves 'detected read beyond size of field' warnings
> by using the proper struct_group mechanism as suggested by
> the compiler.
> 
> Signed-off-by: yingche <zxcv2569763104@gmail.com>
> 
> ---
> v2: Use sizeof() instead of magic number 18 (Dan Carpenter)

Thanks!

Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>

regards,
dan carpenter

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.