From a90f2f7a80daf23fd5a179480d4c8f1c8548dee0 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 23 Feb 2025 16:14:50 +0200
Subject: [PATCH] Use pointer to Action frame body instead of Category field

This will hopefully silence some incorrect static analyzer warnings
about out-of-bounds reads since mgmt->u.action.category is an u8 while
this is really getting a pointer to that location in the Action frame
body and not just the 8-bit Category field.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/ap/ieee802_11.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 64b5b6bbf..01e07d5cf 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -6248,7 +6248,7 @@ static int hostapd_action_vs(struct hostapd_data *hapd,
 	const u8 *pos, *end;
 	u32 oui_type;
 
-	pos = &mgmt->u.action.category;
+	pos = (const u8 *) &mgmt->u.action;
 	end = ((const u8 *) mgmt) + len;
 
 	if (end - pos < 1 + 4)
-- 
2.47.3