Re: [PATCH net-next] ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done
From: Stefan Schmidt
Date: Tue Dec 11 2018 - 03:39:10 EST
Hello.
On 11.12.18 04:13, YueHaibing wrote:
> gcc warning this:
>
> drivers/net/ieee802154/ca8210.c:730:10: warning:
> comparison is always false due to limited range of data type [-Wtype-limits]
>
> 'len' is u8 type, we get it from buf[1] adding 2, which can overflow.
> This patch change the type of 'len' to unsigned int to avoid this,also fix
> the gcc warning.
>
> Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver")
> Signed-off-by: YueHaibing <yuehaibing@xxxxxxxxxx>
> ---
> drivers/net/ieee802154/ca8210.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c
> index 0ff5a40..b2ff903 100644
> --- a/drivers/net/ieee802154/ca8210.c
> +++ b/drivers/net/ieee802154/ca8210.c
> @@ -721,7 +721,7 @@ static void ca8210_mlme_reset_worker(struct work_struct *work)
> static void ca8210_rx_done(struct cas_control *cas_ctl)
> {
> u8 *buf;
> - u8 len;
> + unsigned int len;
> struct work_priv_container *mlme_reset_wpc;
> struct ca8210_priv *priv = cas_ctl->priv;
>
> @@ -730,7 +730,7 @@ static void ca8210_rx_done(struct cas_control *cas_ctl)
> if (len > CA8210_SPI_BUF_SIZE) {
> dev_crit(
> &priv->spi->dev,
> - "Received packet len (%d) erroneously long\n",
> + "Received packet len (%u) erroneously long\n",
> len
> );
> goto finish;
>
This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!
regards
Stefan Schmidt