From cc4cdefc7f78214bc11e71609d24ef564ce0a6c7 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 23 Feb 2019 14:03:59 +0200
Subject: [PATCH] UBSan: Avoid unnecessary warning

elems->mic might be NULL here, so do not try to decrement it by 2 even
if the result is not used anywhere due to a latter check for elems->mic
being NULL.

mesh_rsn.c:646:20: runtime error: pointer index expression with base 0x000000000000 overflowed to 0xfffffffffffffffe

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 wpa_supplicant/mesh_rsn.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index 64fc52ba1..174011b57 100644
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -643,7 +643,7 @@ int mesh_rsn_process_ampe(struct wpa_supplicant *wpa_s, struct sta_info *sta,
 	size_t crypt_len;
 	const u8 *aad[] = { sta->addr, wpa_s->own_addr, cat };
 	const size_t aad_len[] = { ETH_ALEN, ETH_ALEN,
-				   (elems->mic - 2) - cat };
+				   elems->mic ? (elems->mic - 2) - cat : 0 };
 	size_t key_len;
 
 	if (!sta->sae) {