Re: [PATCH next] ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
From: Simon Horman
Date: Tue Mar 07 2023 - 03:43:06 EST
On Mon, Mar 06, 2023 at 11:18:24AM -0800, Harshit Mogalapalli wrote:
> mac_len is of type unsigned, which can never be less than zero.
>
> mac_len = ieee802154_hdr_peek_addrs(skb, &header);
> if (mac_len < 0)
> return mac_len;
>
> Change this to type int as ieee802154_hdr_peek_addrs() can return negative
> integers, this is found by static analysis with smatch.
>
> Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver")
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>
I discussed this briefly with Harshit offline.
The commit referenced above tag does add the call to
ieee802154_hdr_peek_addrs(), an there is a sign miss match between
the return value and the variable.
The code to check the mac_len was added more recently, by the following
commit. However the fixes tag is probably fine as-is, because it's fixing
error handling of a call made in that commit.
6c993779ea1d ("ca8210: fix mac_len negative array access")
Reviewed-by: Simon Horman <simon.horman@xxxxxxxxxxxx>