From 5112cab38c76c28f973def1a9c8b881f2dc81a48 Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Thu, 8 Mar 2018 09:37:56 -0800 Subject: [PATCH] mfd: rave-sp: Check received frame length before accepting next byte Check received frame length _before_ accepting next byte in order to avoid incorrectly rejecting payloads that are RAVE_SP_RX_BUFFER_SIZE long. Signed-off-by: Andrey Smirnov Tested-by: Lucas Stach Signed-off-by: Lee Jones --- drivers/mfd/rave-sp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c index b70416050a81..cb0cc9d509a0 100644 --- a/drivers/mfd/rave-sp.c +++ b/drivers/mfd/rave-sp.c @@ -546,8 +546,6 @@ static int rave_sp_receive_buf(struct serdev_device *serdev, /* FALLTHROUGH */ case RAVE_SP_EXPECT_ESCAPED_DATA: - deframer->data[deframer->length++] = byte; - if (deframer->length == sizeof(deframer->data)) { dev_warn(dev, "Bad frame: Too long\n"); /* @@ -562,6 +560,8 @@ static int rave_sp_receive_buf(struct serdev_device *serdev, goto reset_framer; } + deframer->data[deframer->length++] = byte; + /* * We've extracted out special byte, now we * can go back to regular data collecting -- 2.30.2