Open KeyWeeUsr opened 7 months ago
The name _NDIS_802_11_VARIABLE_IEs
already tells you it's supposed to be a variable length array, not size 1. Make it u8 data[];
and the warning probably goes away. The struct is here: https://github.com/tomaspinho/rtl8821ce/blob/66983b69120a13699acf40a12979317f29012111/include/wlan_bssdef.h#L95-L99
For the other thing, the newer version of the driver has a check which prevents the out-of-bounds value: https://github.com/lwfinger/rtw88/blob/ca9f4e199efbf8c377e8a1769ba5b05b23f92c82/alt_rtl8821ce/hal/phydm/phydm_math_lib.c#L205-L214
Thought it might be worthwhile sharing my experience here as well. The following warnings are printed to the screen by plymouth
during system boot. There are no issues with internet access once the system finishes booting.
UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8821ce/v5.5.2_34066.20200325/build/core/rtw_wlan_util.c:1912:48
index 1 is out of range for type 'u8 [1]'
UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8821ce/v5.5.2_34066.20200325/build/core/rtw_wlan_util.c:1917:75
index 2 is out of range for type 'u8 [1]'
UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8821ce/v5.5.2_34066.20200325/build/core/rtw_wlan_util.c:1923:76
index 2 is out of range for type 'u8 [1]'
UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8821ce/v5.5.2_34066.20200325/build/core/rtw_wlan_util.c:1926:34
index 2 is out of range for type 'u8 [1]'
UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8821ce/v5.5.2_34066.20200325/build/os_dep/linux/ioctl_cfg80211.c:1589:110
index 16 is out of range for type 'u8 [*]'
UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8821ce/v5.5.2_34066.20200325/build/os_dep/linux/ioctl_cfg80211.c:1590:110
index 24 is out of range for type 'u8 [*]'
@KernelGhost Have you tried rtw88 recently? It may be working okay now.
@dubhater When I initially set up my system, I used the rtw88_8821ce driver that came bundled with the Linux kernel. Unfortunately, the performance was poor, with very slow connection speeds and frequent random disconnections from wireless access points. Due to these issues, I blacklisted the RTW88 driver and installed the RTL8821ce driver instead. Since making the switch, I have noticed a significant improvement in both performance and stability.
But when was that? Some fixes for RTL8821CE went into kernel 6.9.
Some fixes for RTL8821CE went into kernel 6.9.
Did you mean to say fixes to RTW88 were included in kernel version 6.9?
But when was that?
The last time I tried rtw88_8821ce was on a kernel between 6.5 and 6.8 (inclusive), though I can't recall the exact version.
Since networking is currently operational and stable using RTL8821ce, I am willing to tolerate the warnings for now. I might trial rtw88_8821ce again in the future if necessary.
Yes, I meant fixes to rtw88.
UBSAN: array-index-out-of-bounds in core/rtw_wlan_util.c:1912:48
UBSAN: array-index-out-of-bounds in core/rtw_wlan_util.c:1917:75
UBSAN: array-index-out-of-bounds in core/rtw_wlan_util.c:1923:76
UBSAN: array-index-out-of-bounds in core/rtw_wlan_util.c:1926:34
pIE->Length
is probably initialized to something incorrect. I can't find the original structPNDIS_802_11_VARIABLE_IEs
declaration anywhere, however I found these which seem to match:(source1, source2, source3)
data
is a single-elementUCHAR
array, so the wholefor (i = 0; i < (pIE->Length); i++)
doesn't make much of a sense unless it's a hack for a variable-length array with array-like declaration instead ofUCHAR* data
. If it's the latter, only bad fixes come to my mind:sizeof (pIE->data) / sizeof (*(pIE->data))
eventually breaking due to the nature ofmalloc()
calloc()
+NULL
requiring the driver allocating memory (doesn't seem to be the case?)and something probably easier to solve:
UBSAN: array-index-out-of-bounds in hal/phydm/phydm_math_lib.c:172:26
is probably missing a row here or the input is garbage value.
Logs: