From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Sun, 6 Oct 2013 00:32:53 +0000 (+0300)
Subject: USB: cyberjack: fix buggy integer overflow test
X-Git-Tag: v3.13-rc1~174^2~85
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5287bf726ff8a7353e883b73576710fd53dc88bb;p=kernel%2Fkernel-generic.git

USB: cyberjack: fix buggy integer overflow test

"old_rdtodo" and "size" are short type.  They are type promoted to int
and the condition is never true.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/usb/serial/cyberjack.c b/drivers/usb/serial/cyberjack.c
index 7814262..6e1b69d 100644
--- a/drivers/usb/serial/cyberjack.c
+++ b/drivers/usb/serial/cyberjack.c
@@ -279,7 +279,7 @@ static void cyberjack_read_int_callback(struct urb *urb)
 
 		old_rdtodo = priv->rdtodo;
 
-		if (old_rdtodo + size < old_rdtodo) {
+		if (old_rdtodo > SHRT_MAX - size) {
 			dev_dbg(dev, "To many bulk_in urbs to do.\n");
 			spin_unlock(&priv->lock);
 			goto resubmit;