git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Yi Cong <yicong@kylinos.cn>
	Fri, 6 Mar 2026 07:16:27 +0000 (15:16 +0800)
committer	Ping-Ke Shih <pkshih@realtek.com>
	Mon, 16 Mar 2026 05:50:19 +0000 (13:50 +0800)
commit	f8a2fc809bfeb49130709b31a4d357a049f28547
tree	4865e0696db735f5bbec41a5e809e79fa8985107	tree \| snapshot
parent	2a585b2efb48a86cd32a953ba84cf1557a655b40	commit \| diff

wifi: rtl8xxxu: fix potential use of uninitialized value

The local variables 'mcs' and 'nss' in rtl8xxxu_update_ra_report() are
passed to rtl8xxxu_desc_to_mcsrate() as output parameters. If the helper
function encounters an unhandled rate index, it may return without setting
these values, leading to the use of uninitialized stack data.

Remove the helper rtl8xxxu_desc_to_mcsrate() and inline the logic into
rtl8xxxu_update_ra_report(). This fixes the use of uninitialized 'mcs'
and 'nss' variables for legacy rates.

The new implementation explicitly handles:
- Legacy rates: Set bitrate only.
- HT rates (MCS0-15): Set MCS flags, index, and NSS (1 or 2) directly.
- Invalid rates: Return early.

Fixes: 7de16123d9e2 ("wifi: rtl8xxxu: Introduce rtl8xxxu_update_ra_report")
Cc: stable@vger.kernel.org
Suggested-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Yi Cong <yicong@kylinos.cn>
Link: https://lore.kernel.org/all/96e31963da0c42dcb52ce44f818963d7@realtek.com/
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20260306071627.56501-1-cong.yi@linux.dev