wifi: rtw89: fw: cast mfw_hdr pointer from address of zeroth byte of firmware->data

The firmware->size is validated before using firmware->data, but Coverity
still reports:
  Downcasting "firmware->data" from "u8 const *" to "struct rtw89_mfw_hdr"
  implies that the data that this pointer points to is tainted."

Using &firmware->data[0] to avoid the warning. No change logic at all.

Addresses-Coverity-ID: 1494046 ("Untrusted loop bound")
Addresses-Coverity-ID: 1544385 ("Untrusted array index read")

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20250325025424.14079-1-pkshih@realtek.com

diff --git a/drivers/net/wireless/realtek/rtw89/fw.c b/drivers/net/wireless/realtek/rtw89/fw.c
index c7172334f895d41261f9a40a0944c4623da17b28..16499fce94ccd91d91bb649b6a4eb35bf1b1d603 100644 (file)
--- a/drivers/net/wireless/realtek/rtw89/fw.c
+++ b/drivers/net/wireless/realtek/rtw89/fw.c
@@ -554,7 +554,7 @@ const struct rtw89_mfw_hdr *rtw89_mfw_get_hdr_ptr(struct rtw89_dev *rtwdev,
        if (sizeof(*mfw_hdr) > firmware->size)
                return NULL;
 
-       mfw_hdr = (const struct rtw89_mfw_hdr *)firmware->data;
+       mfw_hdr = (const struct rtw89_mfw_hdr *)&firmware->data[0];
 
        if (mfw_hdr->sig != RTW89_MFW_SIG)
                return NULL;