ath6kl: add an extra band check to ath6kl_wmi_beginscan_cmd()

Dan reported that smatch found a possible issue in ath6kl_wmi_beginscan_cmd()
where we might access sc->supp_rates beyond the end. It shouldn't happen as
ar->wiphy->bands always have just the first two bands set, but add an extra
check just to be sure.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>

diff --git a/drivers/net/wireless/ath/ath6kl/wmi.c b/drivers/net/wireless/ath/ath6kl/wmi.c
index 31a3081..87aefb4 100644 (file)
--- a/drivers/net/wireless/ath/ath6kl/wmi.c
+++ b/drivers/net/wireless/ath/ath6kl/wmi.c
@@ -2029,6 +2029,9 @@ int ath6kl_wmi_beginscan_cmd(struct wmi *wmi, u8 if_idx,
                if (!sband)
                        continue;
 
                if (!sband)
                        continue;
 

+               if (WARN_ON(band >= ATH6KL_NUM_BANDS))
+                       break;
+

                ratemask = rates[band];
                supp_rates = sc->supp_rates[band].rates;
                num_rates = 0;
                ratemask = rates[band];
                supp_rates = sc->supp_rates[band].rates;
                num_rates = 0;