NFC: potential integer overflow problem in check_crc() · 885ba1da68 - Gogs: Go Git Service GfA electronic

Explorar o código

NFC: potential integer overflow problem in check_crc()

If "buf[0]" is 255 then "len" gets set to 0.  The call to
"crc_ccitt(0xffff, buf, len - 2);" casts the "len - 2" to a high
positive number which is ugly.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

Dan Carpenter %!s(int64=13) %!d(string=hai) anos

pai

f380f2c4a1

achega

885ba1da68

Modificáronse 1 ficheiros con 1 adicións e 1 borrados

Dividir vista Mostrar estatísticas de Diff

						
							+ 1
							
							- 1
						
drivers/nfc/pn544_hci.c
							 
								Ver ficheiro
							
				@@ -232,7 +232,7 @@ static int pn544_hci_i2c_write(struct i2c_client *client, u8 *buf, int len)
			
				 static int check_crc(u8 *buf, int buflen)
			
				 {
			
				-	u8 len;
			
				+	int len;
			
				 	u16 crc;
			
				 	len = buf[0] + 1;