Smatch complains because "delba" is a pointer to struct
rtl_80211_hdr_3addr so the "delba += sizeof(struct rtl_80211_hdr_3addr);"
is clearly wrong. We are reading nonsense data from beyond the end of
the buffer and could oops if that memory isn't mapped.
It turns out the next two statements are also wrong. We should delete
the += sizeof() statement and "delba+2" should be "&delba->payload[2]".
"pReasonCode" isn't used so I deleted that.
With-Fix-From: Mateusz Kulikowski <mateusz.kulikowski@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
047db9915e