Re: [PATCH 3/3] mfd: rave-sp: Check received frame length before accepting next byte
From: Lucas Stach
Date: Tue Mar 06 2018 - 09:10:14 EST
Am Montag, den 26.02.2018, 07:07 -0800 schrieb Andrey Smirnov:
> Check received frame length _before_ accepting next byte in order to
> avoid incorrectly rejecting payloads that are RAVE_SP_RX_BUFFER_SIZE
> long.
>
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Cc: cphealy@xxxxxxxxx
> > Cc: Lucas Stach <l.stach@xxxxxxxxxxxxxx>
> > Cc: Lee Jones <lee.jones@xxxxxxxxxx>
> > Cc: Guenter Roeck <linux@xxxxxxxxxxxx>
> Signed-off-by: Andrey Smirnov <andrew.smirnov@xxxxxxxxx>
Tested-by: Lucas Stach <l.stach@xxxxxxxxxxxxxx>
> ---
> Âdrivers/mfd/rave-sp.c | 4 ++--
> Â1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
> index cec1e309b31f..76fa32006a1b 100644
> --- a/drivers/mfd/rave-sp.c
> +++ b/drivers/mfd/rave-sp.c
> @@ -548,8 +548,6 @@ static int rave_sp_receive_buf(struct serdev_device *serdev,
> > Â /* FALLTHROUGH */
> Â
> > Â case RAVE_SP_EXPECT_ESCAPED_DATA:
> > - deframer->data[deframer->length++] = byte;
> -
> > Â if (deframer->length == sizeof(deframer->data)) {
> > Â dev_warn(dev, "Bad frame: Too long\n");
> > Â /*
> @@ -564,6 +562,8 @@ static int rave_sp_receive_buf(struct serdev_device *serdev,
> > Â goto reset_framer;
> > Â }
> Â
> > + deframer->data[deframer->length++] = byte;
> +
> > Â /*
> > Â Â* We've extracted out special byte, now we
> > Â Â* can go back to regular data collecting