From: walter harms <wharms@bfs.de>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Colin King <colin.king@canonical.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
devel@driverdev.osuosl.org, kernel-janitors@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] staging: rtl8192u: fix potential infinite loop because loop counter being too small
Date: Sat, 02 Nov 2019 13:50:25 +0100 [thread overview]
Message-ID: <5DBD7B91.8040309@bfs.de> (raw)
In-Reply-To: <20191101145117.GB10409@kadam>
Am 01.11.2019 15:51, schrieb Dan Carpenter:
> On Fri, Nov 01, 2019 at 02:26:04PM +0000, Colin King wrote:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> Currently the for-loop counter i is a u8 however it is being checked
>> against a maximum value priv->ieee80211->LinkDetectInfo.SlotNum which is a
>> u16. Hence there is a potential wrap-around of counter i back to zero if
>> priv->ieee80211->LinkDetectInfo.SlotNum is greater than 255. Fix this by
>> making i a u16.
>>
>> Addresses-Coverity: ("Infinite loop")
>> Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging")
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>> ---
>> drivers/staging/rtl8192u/r8192U_core.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c
>> index 48f1591ed5b4..fd91b7c5ca81 100644
>> --- a/drivers/staging/rtl8192u/r8192U_core.c
>> +++ b/drivers/staging/rtl8192u/r8192U_core.c
>> @@ -3210,7 +3210,7 @@ static void rtl819x_update_rxcounts(struct r8192_priv *priv, u32 *TotalRxBcnNum,
>> u32 *TotalRxDataNum)
>> {
>> u16 SlotIndex;
>> - u8 i;
>> + u16 i;
>
> The iterator "i" should just be an int unless we know that it needs to
> be an unsigned long long.
>
+1
i think we can spare the 2byte. ppl expect int and will get confused (as shown here).
re,
wh
WARNING: multiple messages have this Message-ID (diff)
From: walter harms <wharms@bfs.de>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: devel@driverdev.osuosl.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org,
Colin King <colin.king@canonical.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>
Subject: Re: [PATCH] staging: rtl8192u: fix potential infinite loop because loop counter being too small
Date: Sat, 02 Nov 2019 12:50:25 +0000 [thread overview]
Message-ID: <5DBD7B91.8040309@bfs.de> (raw)
In-Reply-To: <20191101145117.GB10409@kadam>
Am 01.11.2019 15:51, schrieb Dan Carpenter:
> On Fri, Nov 01, 2019 at 02:26:04PM +0000, Colin King wrote:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> Currently the for-loop counter i is a u8 however it is being checked
>> against a maximum value priv->ieee80211->LinkDetectInfo.SlotNum which is a
>> u16. Hence there is a potential wrap-around of counter i back to zero if
>> priv->ieee80211->LinkDetectInfo.SlotNum is greater than 255. Fix this by
>> making i a u16.
>>
>> Addresses-Coverity: ("Infinite loop")
>> Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging")
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>> ---
>> drivers/staging/rtl8192u/r8192U_core.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c
>> index 48f1591ed5b4..fd91b7c5ca81 100644
>> --- a/drivers/staging/rtl8192u/r8192U_core.c
>> +++ b/drivers/staging/rtl8192u/r8192U_core.c
>> @@ -3210,7 +3210,7 @@ static void rtl819x_update_rxcounts(struct r8192_priv *priv, u32 *TotalRxBcnNum,
>> u32 *TotalRxDataNum)
>> {
>> u16 SlotIndex;
>> - u8 i;
>> + u16 i;
>
> The iterator "i" should just be an int unless we know that it needs to
> be an unsigned long long.
>
+1
i think we can spare the 2byte. ppl expect int and will get confused (as shown here).
re,
wh
WARNING: multiple messages have this Message-ID (diff)
From: walter harms <wharms@bfs.de>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: devel@driverdev.osuosl.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org,
Colin King <colin.king@canonical.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>
Subject: Re: [PATCH] staging: rtl8192u: fix potential infinite loop because loop counter being too small
Date: Sat, 02 Nov 2019 13:50:25 +0100 [thread overview]
Message-ID: <5DBD7B91.8040309@bfs.de> (raw)
In-Reply-To: <20191101145117.GB10409@kadam>
Am 01.11.2019 15:51, schrieb Dan Carpenter:
> On Fri, Nov 01, 2019 at 02:26:04PM +0000, Colin King wrote:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> Currently the for-loop counter i is a u8 however it is being checked
>> against a maximum value priv->ieee80211->LinkDetectInfo.SlotNum which is a
>> u16. Hence there is a potential wrap-around of counter i back to zero if
>> priv->ieee80211->LinkDetectInfo.SlotNum is greater than 255. Fix this by
>> making i a u16.
>>
>> Addresses-Coverity: ("Infinite loop")
>> Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging")
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>> ---
>> drivers/staging/rtl8192u/r8192U_core.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c
>> index 48f1591ed5b4..fd91b7c5ca81 100644
>> --- a/drivers/staging/rtl8192u/r8192U_core.c
>> +++ b/drivers/staging/rtl8192u/r8192U_core.c
>> @@ -3210,7 +3210,7 @@ static void rtl819x_update_rxcounts(struct r8192_priv *priv, u32 *TotalRxBcnNum,
>> u32 *TotalRxDataNum)
>> {
>> u16 SlotIndex;
>> - u8 i;
>> + u16 i;
>
> The iterator "i" should just be an int unless we know that it needs to
> be an unsigned long long.
>
+1
i think we can spare the 2byte. ppl expect int and will get confused (as shown here).
re,
wh
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
next prev parent reply other threads:[~2019-11-02 12:50 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-01 14:26 [PATCH] staging: rtl8192u: fix potential infinite loop because loop counter being too small Colin King
2019-11-01 14:26 ` Colin King
2019-11-01 14:26 ` Colin King
2019-11-01 14:51 ` Dan Carpenter
2019-11-01 14:51 ` Dan Carpenter
2019-11-01 14:51 ` Dan Carpenter
2019-11-02 12:50 ` walter harms [this message]
2019-11-02 12:50 ` walter harms
2019-11-02 12:50 ` walter harms
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5DBD7B91.8040309@bfs.de \
--to=wharms@bfs.de \
--cc=colin.king@canonical.com \
--cc=dan.carpenter@oracle.com \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mchehab@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.