From bc1265b5c982fc73077812a8be727ba3d734164b Mon Sep 17 00:00:00 2001
From: Ping-Ke Shih <pkshih@realtek.com>
Date: Tue, 25 Mar 2025 10:54:24 +0800
Subject: [PATCH] wifi: rtw89: fw: cast mfw_hdr pointer from address of zeroth
 byte of firmware->data

The firmware->size is validated before using firmware->data, but Coverity
still reports:
  Downcasting "firmware->data" from "u8 const *" to "struct rtw89_mfw_hdr"
  implies that the data that this pointer points to is tainted."

Using &firmware->data[0] to avoid the warning. No change logic at all.

Addresses-Coverity-ID: 1494046 ("Untrusted loop bound")
Addresses-Coverity-ID: 1544385 ("Untrusted array index read")

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20250325025424.14079-1-pkshih@realtek.com
---
 drivers/net/wireless/realtek/rtw89/fw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/realtek/rtw89/fw.c b/drivers/net/wireless/realtek/rtw89/fw.c
index c7172334f895..16499fce94cc 100644
--- a/drivers/net/wireless/realtek/rtw89/fw.c
+++ b/drivers/net/wireless/realtek/rtw89/fw.c
@@ -554,7 +554,7 @@ const struct rtw89_mfw_hdr *rtw89_mfw_get_hdr_ptr(struct rtw89_dev *rtwdev,
 	if (sizeof(*mfw_hdr) > firmware->size)
 		return NULL;
 
-	mfw_hdr = (const struct rtw89_mfw_hdr *)firmware->data;
+	mfw_hdr = (const struct rtw89_mfw_hdr *)&firmware->data[0];
 
 	if (mfw_hdr->sig != RTW89_MFW_SIG)
 		return NULL;
-- 
2.50.1