ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done
authorYueHaibing <yuehaibing@huawei.com>
Tue, 11 Dec 2018 03:13:39 +0000 (11:13 +0800)
committerStefan Schmidt <stefan@datenfreihafen.org>
Tue, 11 Dec 2018 08:33:11 +0000 (09:33 +0100)
gcc warning this:

drivers/net/ieee802154/ca8210.c:730:10: warning:
 comparison is always false due to limited range of data type [-Wtype-limits]

'len' is u8 type, we get it from buf[1] adding 2, which can overflow.
This patch change the type of 'len' to unsigned int to avoid this,also fix
the gcc warning.

Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
drivers/net/ieee802154/ca8210.c

index 0ff5a403a8dc356a359fb085be26379ca011b67b..b2ff903a9cb6e56a47814be2559589b73325302a 100644 (file)
@@ -721,7 +721,7 @@ static void ca8210_mlme_reset_worker(struct work_struct *work)
 static void ca8210_rx_done(struct cas_control *cas_ctl)
 {
        u8 *buf;
-       u8 len;
+       unsigned int len;
        struct work_priv_container *mlme_reset_wpc;
        struct ca8210_priv *priv = cas_ctl->priv;
 
@@ -730,7 +730,7 @@ static void ca8210_rx_done(struct cas_control *cas_ctl)
        if (len > CA8210_SPI_BUF_SIZE) {
                dev_crit(
                        &priv->spi->dev,
-                       "Received packet len (%d) erroneously long\n",
+                       "Received packet len (%u) erroneously long\n",
                        len
                );
                goto finish;