wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier

Since adding __counted_by(n_channels) to struct cfg80211_scan_request,
anything adding to the channels array must increment n_channels first.
Move n_channels increment earlier.

Reported-by: John Rowley <lkml@johnrowley.me>
Closes: https://lore.kernel.org/stable/1815535c709ba9d9.156c6a5c9cdf6e59.b249b6b6a5ee4634@localhost.localdomain/
Fixes: aa4ec06c455d ("wifi: cfg80211: use __counted_by where appropriate")
Signed-off-by: Kees Cook <kees@kernel.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://patch.msgid.link/20241230183610.work.680-kees@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index a180f21b3d28dbc44784e893c6aaf5c7a3320e1e..bc77cfede492f8fedd145c86d02e507f4b189d79 100644 (file)
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -799,12 +799,11 @@ static  void cfg80211_scan_req_add_chan(struct cfg80211_scan_request *request,
                }
        }
 
+       request->n_channels++;
        request->channels[n_channels] = chan;
        if (add_to_6ghz)
                request->scan_6ghz_params[request->n_6ghz_params].channel_idx =
                        n_channels;
-
-       request->n_channels++;
 }
 
 static bool cfg80211_find_ssid_match(struct cfg80211_colocated_ap *ap,