From: yingche <zxcv2569763104@gmail.com>
Date: Fri, 29 Aug 2025 04:09:06 +0000 (+0800)
Subject: staging: rtl8723bs: fix fortify warnings by using struct_group
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=0bbf8fb9e3e624d44b536de71a93f995b7edc7a5;p=users%2Fhch%2Fmisc.git

staging: rtl8723bs: fix fortify warnings by using struct_group

Fix fortify_memcpy_chk warnings in rtw_BIP_verify() and
rtw_mgmt_xmitframe_coalesce() functions by using struct_group
to access consecutive address fields.

Changed memcpy calls to use &hdr->addrs instead of hdr->addr1
when copying 18 bytes (addr1 + addr2 + addr3).

This resolves 'detected read beyond size of field' warnings
by using the proper struct_group mechanism as suggested by
the compiler.

Signed-off-by: yingche <zxcv2569763104@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/20250829040906.895221-1-zxcv2569763104@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
index 8367fd15c6b1..3d99d045f4b6 100644
--- a/drivers/staging/rtl8723bs/core/rtw_security.c
+++ b/drivers/staging/rtl8723bs/core/rtw_security.c
@@ -1363,7 +1363,7 @@ u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe)
 		ClearPwrMgt(BIP_AAD);
 		ClearMData(BIP_AAD);
 		/* conscruct AAD, copy address 1 to address 3 */
-		memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
+		memcpy(BIP_AAD + 2, &pwlanhdr->addrs, sizeof(pwlanhdr->addrs));
 
 		if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey
 			, BIP_AAD, ori_len, mic))
diff --git a/drivers/staging/rtl8723bs/core/rtw_xmit.c b/drivers/staging/rtl8723bs/core/rtw_xmit.c
index 8c6841f078b4..21690857fd62 100644
--- a/drivers/staging/rtl8723bs/core/rtw_xmit.c
+++ b/drivers/staging/rtl8723bs/core/rtw_xmit.c
@@ -1209,7 +1209,7 @@ s32 rtw_mgmt_xmitframe_coalesce(struct adapter *padapter, struct sk_buff *pkt, s
 		ClearPwrMgt(BIP_AAD);
 		ClearMData(BIP_AAD);
 		/* conscruct AAD, copy address 1 to address 3 */
-		memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
+		memcpy(BIP_AAD + 2, &pwlanhdr->addrs, sizeof(pwlanhdr->addrs));
 		/* copy management fram body */
 		memcpy(BIP_AAD+BIP_AAD_SIZE, MGMT_body, frame_body_len);
 		/* calculate mic */