staging: rtl8723bs: fix fortify warnings by using struct_group

Fix fortify_memcpy_chk warnings in rtw_BIP_verify() and
rtw_mgmt_xmitframe_coalesce() functions by using struct_group
to access consecutive address fields.

Changed memcpy calls to use &hdr->addrs instead of hdr->addr1
when copying 18 bytes (addr1 + addr2 + addr3).

This resolves 'detected read beyond size of field' warnings
by using the proper struct_group mechanism as suggested by
the compiler.

Signed-off-by: yingche <zxcv2569763104@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/20250829040906.895221-1-zxcv2569763104@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
index 8367fd15c6b12da58a4da2bc9a002cc33c7d038a..3d99d045f4b6e6b0c4c07f68d2fdde0b2cfd0861 100644 (file)
--- a/drivers/staging/rtl8723bs/core/rtw_security.c
+++ b/drivers/staging/rtl8723bs/core/rtw_security.c
@@ -1363,7 +1363,7 @@ u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe)
                ClearPwrMgt(BIP_AAD);
                ClearMData(BIP_AAD);
                /* conscruct AAD, copy address 1 to address 3 */
-               memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
+               memcpy(BIP_AAD + 2, &pwlanhdr->addrs, sizeof(pwlanhdr->addrs));
 
                if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey
                        , BIP_AAD, ori_len, mic))

diff --git a/drivers/staging/rtl8723bs/core/rtw_xmit.c b/drivers/staging/rtl8723bs/core/rtw_xmit.c
index 8c6841f078b4759be7fa7df07d8d86bb5d96ef11..21690857fd62a58724fb76cfa1536aee80f427ca 100644 (file)
--- a/drivers/staging/rtl8723bs/core/rtw_xmit.c
+++ b/drivers/staging/rtl8723bs/core/rtw_xmit.c
@@ -1209,7 +1209,7 @@ s32 rtw_mgmt_xmitframe_coalesce(struct adapter *padapter, struct sk_buff *pkt, s
                ClearPwrMgt(BIP_AAD);
                ClearMData(BIP_AAD);
                /* conscruct AAD, copy address 1 to address 3 */
-               memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
+               memcpy(BIP_AAD + 2, &pwlanhdr->addrs, sizeof(pwlanhdr->addrs));
                /* copy management fram body */
                memcpy(BIP_AAD+BIP_AAD_SIZE, MGMT_body, frame_body_len);
                /* calculate mic */