File broadcom-wl-fix-linux-6.5.patch of Package broadcom-wl

From 706489688523d4af9ce4422137e4bfdb2f70aab9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joan=20Bruguera=20Mic=C3=B3?= <joanbrugueram@gmail.com>
Date: Sat, 5 Aug 2023 20:54:12 +0000
Subject: [PATCH] Tentative patch for broadcom-wl 6.30.223.271 driver for Linux 6.5-rc1

Applies on top of all the patches applied to broadcom-wl-dkms 6.30.223.271-36 on Arch Linux

On Linux 6.5, due to commit 2d47c6956ab3 ("ubsan: Tighten UBSAN_BOUNDS
on GCC"), flexible trailing arrays declared like `whatever_t foo[1];`
will generate warnings when CONFIG_UBSAN & co. is enabled, such as:

    UBSAN: array-index-out-of-bounds in /var/lib/dkms/broadcom-wl/6.30.223.271/build/src/wl/sys/wl_linux.c:1919:4
    index 2 is out of range for type 'ether_addr [1]'
    CPU: 8 PID: 131 Comm: kworker/8:1 Tainted: P           OE      [...]
    Hardware name: [...]
    Workqueue: ipv6_addrconf addrconf_dad_work
    Call Trace:
     <TASK>
     dump_stack_lvl+0x47/0x60
     __ubsan_handle_out_of_bounds+0xc7/0x100
     _wl_set_multicast_list+0x372/0x710 [wl b2d4dadbf09aee67f0822b96bf7f4b96338be49b]
     ? __dev_mc_add+0xb3/0x150
     [...]

This was technically always wrong, but was detected now because of the
commit above, and because Ubuntu 23.04 enables CONFIG_UBSAN by default.
Thanks to Satadru Pramanik for the heads-up & report.

Migrate them to the standard C99 syntax `whatever_t foo[];` to fix it.
(Quite a few trailing one-element arrays remain unchanged, either
because they are never used, or never accessed past the first element)

Reported-by: Satadru Pramanik <satadru@gmail.com>
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d47c6956ab3c8b580a59d7704aab3e2a4882b6c
Link: https://lwn.net/Articles/936728/
---
 src/include/bcmutils.h          |  2 +-
 src/include/wlioctl.h           | 10 +++++-----
 src/wl/sys/wl_cfg80211_hybrid.c |  4 ++--
 src/wl/sys/wl_cfg80211_hybrid.h |  8 ++++----
 src/wl/sys/wl_iw.c              |  4 ++--
 5 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/include/bcmutils.h b/src/include/bcmutils.h
index 5fafe3d..7ad55ae 100644
--- a/src/include/bcmutils.h
+++ b/src/include/bcmutils.h
@@ -558,7 +558,7 @@ typedef struct bcm_bit_desc_ex {
 typedef struct bcm_tlv {
 	uint8	id;
 	uint8	len;
-	uint8	data[1];
+	uint8	data[];
 } bcm_tlv_t;
 
 #define bcm_valid_tlv(elt, buflen) ((buflen) >= 2 && (int)(buflen) >= (int)(2 + (elt)->len))
diff --git a/src/include/wlioctl.h b/src/include/wlioctl.h
index 2c05c7c..62be93d 100644
--- a/src/include/wlioctl.h
+++ b/src/include/wlioctl.h
@@ -91,7 +91,7 @@ typedef struct wl_scan_results {
 	uint32 buflen;
 	uint32 version;
 	uint32 count;
-	wl_bss_info_t bss_info[1];
+	wl_bss_info_t bss_info[];
 } wl_scan_results_t;
 
 #define WL_MAXRATES_IN_SET		16	
@@ -129,7 +129,7 @@ typedef struct wl_uint32_list {
 
 	uint32 count;
 
-	uint32 element[1];
+	uint32 element[];
 } wl_uint32_list_t;
 
 typedef struct wl_assoc_params {
@@ -247,7 +247,7 @@ typedef struct _pmkid {
 
 typedef struct _pmkid_list {
 	uint32	npmkid;
-	pmkid_t	pmkid[1];
+	pmkid_t	pmkid[];
 } pmkid_list_t;
 
 typedef struct _pmkid_cand {
@@ -257,7 +257,7 @@ typedef struct _pmkid_cand {
 
 typedef struct _pmkid_cand_list {
 	uint32	npmkid_cand;
-	pmkid_cand_t	pmkid_cand[1];
+	pmkid_cand_t	pmkid_cand[];
 } pmkid_cand_list_t;
 
 typedef struct {
@@ -278,7 +278,7 @@ typedef struct channel_info {
 
 struct maclist {
 	uint count;			
-	struct ether_addr ea[1];	
+	struct ether_addr ea[];	
 };
 
 typedef struct wl_ioctl {
diff --git a/src/wl/sys/wl_cfg80211_hybrid.c b/src/wl/sys/wl_cfg80211_hybrid.c
index c0dbae2..7926f2a 100644
--- a/src/wl/sys/wl_cfg80211_hybrid.c
+++ b/src/wl/sys/wl_cfg80211_hybrid.c
@@ -1584,7 +1584,7 @@ wl_cfg80211_del_pmksa(struct wiphy *wiphy, struct net_device *dev,
                       struct cfg80211_pmksa *pmksa)
 {
 	struct wl_cfg80211_priv *wl = wiphy_to_wl(wiphy);
-	struct _pmkid_list pmkid;
+	struct { pmkid_t pmkid[1]; } pmkid;
 	s32 err = 0;
 	int i;
 
@@ -1992,7 +1992,7 @@ static s32 wl_inform_single_bss(struct wl_cfg80211_priv *wl, struct wl_bss_info
 		WL_DBG(("Beacon is larger than buffer. Discarding\n"));
 		return err;
 	}
-	notif_bss_info = kzalloc(sizeof(*notif_bss_info) + sizeof(*mgmt) - sizeof(u8) +
+	notif_bss_info = kzalloc(sizeof(*notif_bss_info) + sizeof(*mgmt) +
 	                         WL_BSS_INFO_MAX, GFP_KERNEL);
 	if (!notif_bss_info) {
 		WL_ERR(("notif_bss_info alloc failed\n"));
diff --git a/src/wl/sys/wl_cfg80211_hybrid.h b/src/wl/sys/wl_cfg80211_hybrid.h
index bc6f3ad..e117897 100644
--- a/src/wl/sys/wl_cfg80211_hybrid.h
+++ b/src/wl/sys/wl_cfg80211_hybrid.h
@@ -103,7 +103,7 @@ struct beacon_proberesp {
 	__le64 timestamp;
 	__le16 beacon_int;
 	__le16 capab_info;
-	u8 variable[0];
+	u8 variable[];
 } __attribute__ ((packed));
 
 struct wl_cfg80211_conf {
@@ -126,7 +126,7 @@ struct wl_cfg80211_bss_info {
 	u16 channel;
 	s16 rssi;
 	u16 frame_len;
-	u8 frame_buf[1];
+	u8 frame_buf[];
 };
 
 struct wl_cfg80211_scan_req {
@@ -142,7 +142,7 @@ struct wl_cfg80211_event_q {
 	struct list_head eq_list;
 	u32 etype;
 	wl_event_msg_t emsg;
-	s8 edata[1];
+	s8 edata[];
 };
 
 struct wl_cfg80211_security {
@@ -174,7 +174,7 @@ struct wl_cfg80211_assoc_ielen {
 
 struct wl_cfg80211_pmk_list {
 	pmkid_list_t pmkids;
-	pmkid_t foo[MAXPMKID - 1];
+	pmkid_t foo[MAXPMKID];
 };
 
 struct wl_cfg80211_priv {
diff --git a/src/wl/sys/wl_iw.c b/src/wl/sys/wl_iw.c
index e346b15..e28de40 100644
--- a/src/wl/sys/wl_iw.c
+++ b/src/wl/sys/wl_iw.c
@@ -1875,7 +1875,7 @@ wl_iw_set_encodeext(
 #if WIRELESS_EXT > 17
 struct {
 	pmkid_list_t pmkids;
-	pmkid_t foo[MAXPMKID-1];
+	pmkid_t foo[MAXPMKID];
 } pmkid_list;
 static int
 wl_iw_set_pmksa(
@@ -1898,7 +1898,7 @@ wl_iw_set_pmksa(
 		bzero((char *)&pmkid_list, sizeof(pmkid_list));
 	}
 	if (iwpmksa->cmd == IW_PMKSA_REMOVE) {
-		pmkid_list_t pmkid, *pmkidptr;
+		struct { pmkid_t pmkid[1]; } pmkid, *pmkidptr;
 		pmkidptr = &pmkid;
 		bcopy(&iwpmksa->bssid.sa_data[0], &pmkidptr->pmkid[0].BSSID, ETHER_ADDR_LEN);
 		bcopy(&iwpmksa->pmkid[0], &pmkidptr->pmkid[0].PMKID, WPA2_PMKID_LEN);
-- 
2.41.0

openSUSE Build Service is sponsored by