staging: tidspbridge: use safer test on the result of find_first_zero_bit
authorJulia Lawall <Julia.Lawall@lip6.fr>
Wed, 4 Jun 2014 09:07:54 +0000 (11:07 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 18 Jun 2014 22:23:05 +0000 (15:23 -0700)
Find_first_zero_bit considers BITS_PER_LONG bits at a time, and thus may
return a larger number than the maximum position argument if that position
is not a multiple of BITS_PER_LONG.

The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
expression e1,e2,e3;
statement S1,S2;
@@

e1 = find_first_zero_bit(e2,e3)
...
if (e1
- ==
+ >=
  e3)
S1 else S2
// </smpl>

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/tidspbridge/rmgr/node.c

index 9d3044a384eeb4b882cc1cd24cb8cf26e86082a8..305f3a60db71475c82096bbcd4e2c32888c617ca 100644 (file)
@@ -935,7 +935,7 @@ int node_connect(struct node_object *node1, u32 stream1,
                                 node2_type == NODE_DAISSOCKET)) {
                /* Find available pipe */
                pipe_id = find_first_zero_bit(hnode_mgr->pipe_map, MAXPIPES);
-               if (pipe_id == MAXPIPES) {
+               if (pipe_id >= MAXPIPES) {
                        status = -ECONNREFUSED;
                        goto out_unlock;
                }
@@ -1008,7 +1008,7 @@ int node_connect(struct node_object *node1, u32 stream1,
                        status = -EINVAL;
                        goto out_unlock;
                }
-               if (chnl_id == CHNL_MAXCHANNELS) {
+               if (chnl_id >= CHNL_MAXCHANNELS) {
                        status = -ECONNREFUSED;
                        goto out_unlock;
                }