From: Jerome Pouiller <Jerome.Pouiller@silabs.com>
To: devel@driverdev.osuosl.org, linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Kalle Valo <kvalo@codeaurora.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"David S . Miller" <davem@davemloft.net>,
Dan Carpenter <dan.carpenter@oracle.com>
Subject: [PATCH 5/8] staging: wfx: increase robustness of hif_generic_confirm()
Date: Fri, 9 Oct 2020 19:13:04 +0200 [thread overview]
Message-ID: <20201009171307.864608-6-Jerome.Pouiller@silabs.com> (raw)
In-Reply-To: <20201009171307.864608-1-Jerome.Pouiller@silabs.com>
From: Jérôme Pouiller <jerome.pouiller@silabs.com>
Smatch complains:
drivers/staging/wfx/hif_rx.c:26 hif_generic_confirm() warn: negative user subtract: 0-u16max - 4
20 static int hif_generic_confirm(struct wfx_dev *wdev,
21 const struct hif_msg *hif, const void *buf)
22 {
23 // All confirm messages start with status
24 int status = le32_to_cpup((__le32 *)buf);
25 int cmd = hif->id;
26 int len = le16_to_cpu(hif->len) - 4; // drop header
^^^^^
27
28 WARN(!mutex_is_locked(&wdev->hif_cmd.lock), "data locking error");
In fact, rx_helper() already make the necessary checks on the value of
hif->len. Never mind, add an explicit check to make Smatch happy.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
---
drivers/staging/wfx/hif_rx.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/wfx/hif_rx.c b/drivers/staging/wfx/hif_rx.c
index ca09467cba05..2d4265257112 100644
--- a/drivers/staging/wfx/hif_rx.c
+++ b/drivers/staging/wfx/hif_rx.c
@@ -40,10 +40,10 @@ static int hif_generic_confirm(struct wfx_dev *wdev,
}
if (wdev->hif_cmd.buf_recv) {
- if (wdev->hif_cmd.len_recv >= len)
+ if (wdev->hif_cmd.len_recv >= len && len > 0)
memcpy(wdev->hif_cmd.buf_recv, buf, len);
else
- status = -ENOMEM;
+ status = -EIO;
}
wdev->hif_cmd.ret = status;
--
2.28.0
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
next prev parent reply other threads:[~2020-10-09 17:13 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-09 17:12 [PATCH 0/8] staging: wfx: fix issues reported by Smatch Jerome Pouiller
2020-10-09 17:13 ` [PATCH 1/8] staging: wfx: improve error handling of hif_join() Jerome Pouiller
2020-10-09 17:13 ` [PATCH 2/8] staging: wfx: check memory allocation Jerome Pouiller
2020-10-09 18:51 ` Kalle Valo
2020-10-10 12:07 ` Jérôme Pouiller
2020-10-10 13:18 ` Dan Carpenter
2020-10-10 13:54 ` Dan Carpenter
2020-10-09 17:13 ` [PATCH 3/8] staging: wfx: standardize the error when vif does not exist Jerome Pouiller
2020-10-09 18:52 ` Kalle Valo
2020-10-10 12:22 ` Jérôme Pouiller
2020-10-10 12:40 ` Greg Kroah-Hartman
2020-10-10 13:29 ` Jérôme Pouiller
2020-10-09 17:13 ` [PATCH 4/8] staging: wfx: wfx_init_common() returns NULL on error Jerome Pouiller
2020-10-09 17:13 ` Jerome Pouiller [this message]
2020-10-09 17:13 ` [PATCH 6/8] staging: wfx: gpiod_get_value() can return an error Jerome Pouiller
2020-10-09 17:13 ` [PATCH 7/8] staging: wfx: drop unicode characters from strings Jerome Pouiller
2020-10-09 17:13 ` [PATCH 8/8] staging: wfx: improve robustness of wfx_get_hw_rate() Jerome Pouiller
2020-10-16 1:50 ` Nathan Chancellor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201009171307.864608-6-Jerome.Pouiller@silabs.com \
--to=jerome.pouiller@silabs.com \
--cc=dan.carpenter@oracle.com \
--cc=davem@davemloft.net \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).