ath6kl: remove false check from ath6kl_rx()
authorKalle Valo <kvalo@qca.qualcomm.com>
Sun, 10 Mar 2013 05:51:39 +0000 (07:51 +0200)
committerKalle Valo <kvalo@qca.qualcomm.com>
Mon, 18 Mar 2013 11:50:19 +0000 (13:50 +0200)
Dan found a check from ath6kl_rx() which doesn't make any sense at all:

"  1327          if (status || !(skb->data + HTC_HDR_LENGTH)) {
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^
skb->data is a pointer.  This pointer math is always going to be false.
Should it be testing "packet->act_len < HTC_HDR_LENGTH" or something?"

I don't know what the check really was supposed to do, but I think Dan's guess
is right. Fix it accordingly.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
drivers/net/wireless/ath/ath6kl/txrx.c

index 43dbdaadf5779e31f0e4ed8630b34f1ce2882bf2..ebb24045a8ae6cbcac844a239d11a05ee6f86e14 100644 (file)
@@ -1327,7 +1327,7 @@ void ath6kl_rx(struct htc_target *target, struct htc_packet *packet)
                   __func__, ar, ept, skb, packet->buf,
                   packet->act_len, status);
 
-       if (status || !(skb->data + HTC_HDR_LENGTH)) {
+       if (status || packet->act_len < HTC_HDR_LENGTH) {
                dev_kfree_skb(skb);
                return;
        }