[PATCH] NFC: fdp: Fix signedness bug in fdp_nci_send_patch

From: Wen Yang
Date: Thu Nov 29 2018 - 02:28:34 EST

Next message: syzbot: "invalid opcode in close_fs_devices"
Previous message: niklas . morberg: "[PATCH] ASoC: adau1761: Ensure DSP_RUN and DSP_ENABLE are disabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Currently, the error handling for the call to
nci_conn_max_data_pkt_payload_size() doesn't work
because *max_size* is of type u8 (8 bits, unsigned),
which makes it impossible for it to hold a value less
than 0.

Fix this by changing the type of variable *max_size*
to s16 (16 bits, signed).

since conn_info->max_pkt_payload_len is of type u8,
so s16 is enough.

Signed-off-by: Wen Yang <wen.yang99@xxxxxxxxxx>
CC: Samuel Ortiz <sameo@xxxxxxxxxxxxxxx>
CC: linux-wireless@xxxxxxxxxxxxxxx
CC: linux-kernel@xxxxxxxxxxxxxxx
---
drivers/nfc/fdp/fdp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nfc/fdp/fdp.c b/drivers/nfc/fdp/fdp.c
index d5784a47fc13..d9203e2468fd 100644
--- a/drivers/nfc/fdp/fdp.c
+++ b/drivers/nfc/fdp/fdp.c
@@ -192,7 +192,7 @@ static int fdp_nci_send_patch(struct nci_dev *ndev, u8 conn_id, u8 type)
const struct firmware *fw;
struct sk_buff *skb;
unsigned long len;
- u8 max_size, payload_size;
+ s16 max_size, payload_size;
int rc = 0;

if ((type == NCI_PATCH_TYPE_OTP && !info->otp_patch) ||
--
2.19.1

Next message: syzbot: "invalid opcode in close_fs_devices"
Previous message: niklas . morberg: "[PATCH] ASoC: adau1761: Ensure DSP_RUN and DSP_ENABLE are disabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]