wifi: rtw89: fw: cast mfw_hdr pointer from address of zeroth byte of firmware->data

The firmware->size is validated before using firmware->data, but Coverity still reports: Downcasting "firmware->data" from "u8 const *" to "struct rtw89_mfw_hdr" implies that the data that this pointer points to is tainted." Using &firmware->data[0] to avoid the warning. No change logic at all. Addresses-Coverity-ID: 1494046 ("Untrusted loop bound") Addresses-Coverity-ID: 1544385 ("Untrusted array index read") Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Link: https://patch.msgid.link/20250325025424.14079-1-pkshih@realtek.com
author: Ping-Ke Shih <pkshih@realtek.com> 2025-03-25 10:54:24 +0800
committer: Ping-Ke Shih <pkshih@realtek.com> 2025-03-31 14:07:03 +0800
commit: bc1265b5c982fc73077812a8be727ba3d734164b (patch)
tree: 47ecf8a5ee32bdecf9e9db2431273e751121e424
parent: 81433a8a4f404d3e52e8e591fdc9409101dadf57 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/wireless/realtek/rtw89/fw.c b/drivers/net/wireless/realtek/rtw89/fw.c
index c7172334f895..16499fce94cc 100644
--- a/drivers/net/wireless/realtek/rtw89/fw.c
+++ b/drivers/net/wireless/realtek/rtw89/fw.c
@@ -554,7 +554,7 @@ const struct rtw89_mfw_hdr *rtw89_mfw_get_hdr_ptr(struct rtw89_dev *rtwdev,
 	if (sizeof(*mfw_hdr) > firmware->size)
 		return NULL;
 
-	mfw_hdr = (const struct rtw89_mfw_hdr *)firmware->data;
+	mfw_hdr = (const struct rtw89_mfw_hdr *)&firmware->data[0];
 
 	if (mfw_hdr->sig != RTW89_MFW_SIG)
 		return NULL;
author	Ping-Ke Shih <pkshih@realtek.com>	2025-03-25 10:54:24 +0800
committer	Ping-Ke Shih <pkshih@realtek.com>	2025-03-31 14:07:03 +0800
commit	bc1265b5c982fc73077812a8be727ba3d734164b (patch)
tree	47ecf8a5ee32bdecf9e9db2431273e751121e424
parent	81433a8a4f404d3e52e8e591fdc9409101dadf57 (diff)