From: YueHaibing Date: Tue, 11 Dec 2018 03:13:39 +0000 (+0800) Subject: ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done X-Git-Tag: v4.19.15~122 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=af03a980e86fc4c90bccad23dd8edc20efc589a2;p=platform%2Fkernel%2Flinux-rpi3.git ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done [ Upstream commit 8e41cae64b08fe2e86a9ffb88b295c6b4b3a3322 ] gcc warning this: drivers/net/ieee802154/ca8210.c:730:10: warning: comparison is always false due to limited range of data type [-Wtype-limits] 'len' is u8 type, we get it from buf[1] adding 2, which can overflow. This patch change the type of 'len' to unsigned int to avoid this,also fix the gcc warning. Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") Signed-off-by: YueHaibing Signed-off-by: Stefan Schmidt Signed-off-by: Sasha Levin --- diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c index 0ff5a40..b2ff903 100644 --- a/drivers/net/ieee802154/ca8210.c +++ b/drivers/net/ieee802154/ca8210.c @@ -721,7 +721,7 @@ static void ca8210_mlme_reset_worker(struct work_struct *work) static void ca8210_rx_done(struct cas_control *cas_ctl) { u8 *buf; - u8 len; + unsigned int len; struct work_priv_container *mlme_reset_wpc; struct ca8210_priv *priv = cas_ctl->priv; @@ -730,7 +730,7 @@ static void ca8210_rx_done(struct cas_control *cas_ctl) if (len > CA8210_SPI_BUF_SIZE) { dev_crit( &priv->spi->dev, - "Received packet len (%d) erroneously long\n", + "Received packet len (%u) erroneously long\n", len ); goto finish;