From cdba33f23c66f12b400f842d952608c9eedca86f Mon Sep 17 00:00:00 2001
From: Cy Schubert
Date: Tue, 21 Aug 2018 19:17:35 +0000
Subject: [PATCH] For CID 1394785, add a comment explaining that global->event_buf is not really a char * but a struct rt_msghdr *.
MFC after: 3 days
---
 contrib/wpa/src/drivers/driver_bsd.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/contrib/wpa/src/drivers/driver_bsd.c b/contrib/wpa/src/drivers/driver_bsd.c
index 65282228d4f..e8ee0440c12 100644
--- a/contrib/wpa/src/drivers/driver_bsd.c
+++ b/contrib/wpa/src/drivers/driver_bsd.c
@@ -1234,6 +1234,11 @@ wpa_driver_bsd_event_receive(int sock, void *ctx, void *sock_ctx)
 struct ieee80211_join_event *join;
 int n;
 
+ /*
+ * CID 1394785: Memory - illegal access (STRING_NULL):
+ * Though global->event_buf is a char *, it actually contains
+ * a struct rt_msghdr *. See below.
+ */
 n = read(sock, global->event_buf, global->event_buf_len);
 if (n < 0) {
 if (errno != EINTR && errno != EAGAIN)
@@ -1242,6 +1247,10 @@ wpa_driver_bsd_event_receive(int sock, void *ctx, void *sock_ctx)
 return;
 }
 
+ /*
+ * CID 1394785: global->event_buf is assigned here to a
+ * struct rt_msghdr *.
+ */
 rtm = (struct rt_msghdr *) global->event_buf;
 if (rtm->rtm_version != RTM_VERSION) {
 wpa_printf(MSG_DEBUG, "Invalid routing message version=%d",
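Review bot: The comment added above the `read()` call says the buffer "contains a struct rt_msghdr *", but what `read()` stores there is the message itself, not a pointer. It also does not say why the STRING_NULL finding can be dismissed, so a later reader cannot tell whether the scanner warning was analysed or only silenced. A wording that states the reason would be `/* CID 1394785 (STRING_NULL), false positive: event_buf is a byte buffer holding a binary routing message and is never used as a NUL-terminated string. */`. The function begins and ends outside this hunk.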
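Review bot: The cast to `struct rt_msghdr *` after the error return is followed directly by a read of `rtm->rtm_version`, and in the lines shown only `n < 0` is rejected. A zero-length or short read would therefore be parsed against whatever an earlier message left in `event_buf`. Since the new comment documents this reinterpretation, this is the natural place to add `if ((size_t) n < sizeof(*rtm)) return;` before the cast, and presumably to compare `rtm->rtm_msglen` with `n` before any payload is used. The data comes from the routing socket, so this is a defensive bound rather than a demonstrated fault, and the rest of the function is outside the hunk and may already check lengths further down.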