DriverDev-Devel Archive on lore.kernel.org
* [PATCH] staging: rtl8192u: fix potential infinite loop because loop counter being too small
@ 2019-11-01 14:26 Colin King
  2019-11-01 14:51 ` Dan Carpenter
  0 siblings, 1 reply; 3+ messages in thread
From: Colin King @ 2019-11-01 14:26 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Mauro Carvalho Chehab, devel
  Cc: kernel-janitors, linux-kernel

From: Colin Ian King <colin.king@canonical.com>

Currently the for-loop counter i is a u8 however it is being checked
against a maximum value priv->ieee80211->LinkDetectInfo.SlotNum which is a
u16. Hence there is a potential wrap-around of counter i back to zero if
priv->ieee80211->LinkDetectInfo.SlotNum is greater than 255.  Fix this by
making i a u16.

Addresses-Coverity: ("Infinite loop")
Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/staging/rtl8192u/r8192U_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c
index 48f1591ed5b4..fd91b7c5ca81 100644
--- a/drivers/staging/rtl8192u/r8192U_core.c
+++ b/drivers/staging/rtl8192u/r8192U_core.c
@@ -3210,7 +3210,7 @@ static void rtl819x_update_rxcounts(struct r8192_priv *priv, u32 *TotalRxBcnNum,
 			     u32 *TotalRxDataNum)
 {
 	u16			SlotIndex;
-	u8			i;
+	u16			i;
 
 	*TotalRxBcnNum = 0;
 	*TotalRxDataNum = 0;
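Review bot: the new `u16 i;` declaration only matches the width of the bound named in the commit message (`priv->ieee80211->LinkDetectInfo.SlotNum`, a u16), so the loop terminates for every SlotNum value only if the comparison is a strict `<`; the loop itself lies outside the hunk context, so that cannot be confirmed from this diff. A plain `int i;` covers the whole u16 range whichever comparison form is used and is the usual iterator type, so it is the safer choice here. The commit message would also benefit from stating whether SlotNum can actually exceed 255 in this driver, since that decides whether this is a reachable hang or a hardening change.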
-- 
2.20.1

_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel


* Re: [PATCH] staging: rtl8192u: fix potential infinite loop because loop counter being too small
  2019-11-01 14:26 [PATCH] staging: rtl8192u: fix potential infinite loop because loop counter being too small Colin King
@ 2019-11-01 14:51 ` Dan Carpenter
  2019-11-02 12:50   ` walter harms
  0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2019-11-01 14:51 UTC (permalink / raw)
  To: Colin King
  Cc: devel, Greg Kroah-Hartman, Mauro Carvalho Chehab,
	kernel-janitors, linux-kernel

On Fri, Nov 01, 2019 at 02:26:04PM +0000, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> Currently the for-loop counter i is a u8 however it is being checked
> against a maximum value priv->ieee80211->LinkDetectInfo.SlotNum which is a
> u16. Hence there is a potential wrap-around of counter i back to zero if
> priv->ieee80211->LinkDetectInfo.SlotNum is greater than 255.  Fix this by
> making i a u16.
> 
> Addresses-Coverity: ("Infinite loop")
> Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>  drivers/staging/rtl8192u/r8192U_core.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c
> index 48f1591ed5b4..fd91b7c5ca81 100644
> --- a/drivers/staging/rtl8192u/r8192U_core.c
> +++ b/drivers/staging/rtl8192u/r8192U_core.c
> @@ -3210,7 +3210,7 @@ static void rtl819x_update_rxcounts(struct r8192_priv *priv, u32 *TotalRxBcnNum,
>  			     u32 *TotalRxDataNum)
>  {
>  	u16			SlotIndex;
> -	u8			i;
> +	u16			i;

The iterator "i" should just be an int unless we know that it needs to
be an unsigned long long.

regards,
dan carpenter


* Re: [PATCH] staging: rtl8192u: fix potential infinite loop because loop counter being too small
  2019-11-01 14:51 ` Dan Carpenter
@ 2019-11-02 12:50   ` walter harms
  0 siblings, 0 replies; 3+ messages in thread
From: walter harms @ 2019-11-02 12:50 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: devel, Greg Kroah-Hartman, kernel-janitors, linux-kernel,
	Colin King, Mauro Carvalho Chehab



On 01.11.2019 15:51, Dan Carpenter wrote:
> On Fri, Nov 01, 2019 at 02:26:04PM +0000, Colin King wrote:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> Currently the for-loop counter i is a u8 however it is being checked
>> against a maximum value priv->ieee80211->LinkDetectInfo.SlotNum which is a
>> u16. Hence there is a potential wrap-around of counter i back to zero if
>> priv->ieee80211->LinkDetectInfo.SlotNum is greater than 255.  Fix this by
>> making i a u16.
>>
>> Addresses-Coverity: ("Infinite loop")
>> Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging")
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>> ---
>>  drivers/staging/rtl8192u/r8192U_core.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c
>> index 48f1591ed5b4..fd91b7c5ca81 100644
>> --- a/drivers/staging/rtl8192u/r8192U_core.c
>> +++ b/drivers/staging/rtl8192u/r8192U_core.c
>> @@ -3210,7 +3210,7 @@ static void rtl819x_update_rxcounts(struct r8192_priv *priv, u32 *TotalRxBcnNum,
>>  			     u32 *TotalRxDataNum)
>>  {
>>  	u16			SlotIndex;
>> -	u8			i;
>> +	u16			i;
> 
> The iterator "i" should just be an int unless we know that it needs to
> be an unsigned long long.
> 

+1

I think we can spare the 2 bytes. People expect int and will get confused (as shown here).

re,
 wh

