Use a local variable and check the record payload length validity before
writing it into record->payload_length in hopes of getting rid of a
bogus static analyzer warning. The negative return value was sufficient
to avoid record->payload_length being used, but that seems to be too
complex for some analyzers. (CID 122668)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
return -1;
record->payload_length = *pos++;
} else {
+ u32 len;
+
if (size < 6)
return -1;
- record->payload_length = WPA_GET_BE32(pos);
- if (record->payload_length > size - 6 ||
- record->payload_length > 20000)
+ len = WPA_GET_BE32(pos);
+ if (len > size - 6 || len > 20000)
return -1;
+ record->payload_length = len;
pos += sizeof(u32);
}