* [patch] usb: storage: onetouch: tighten a range check
@ 2013-03-01 5:14 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2013-03-01 5:14 UTC (permalink / raw)
To: kernel-janitors
Smatch complains because we only allocate ONETOUCH_PKT_LEN (2) bytes
but later when we call usb_fill_int_urb() we assume maxp can be up
to 8 bytes. I talked to the maintainer and maxp should be capped at
ONETOUCH_PKT_LEN.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/usb/storage/onetouch.c b/drivers/usb/storage/onetouch.c
index cb79de6..2696489 100644
--- a/drivers/usb/storage/onetouch.c
+++ b/drivers/usb/storage/onetouch.c
@@ -195,6 +195,7 @@ static int onetouch_connect_input(struct us_data *ss)
pipe = usb_rcvintpipe(udev, endpoint->bEndpointAddress);
maxp = usb_maxpacket(udev, pipe, usb_pipeout(pipe));
+ maxp = min(maxp, ONETOUCH_PKT_LEN);
onetouch = kzalloc(sizeof(struct usb_onetouch), GFP_KERNEL);
input_dev = input_allocate_device();
@@ -245,8 +246,7 @@ static int onetouch_connect_input(struct us_data *ss)
input_dev->open = usb_onetouch_open;
input_dev->close = usb_onetouch_close;
- usb_fill_int_urb(onetouch->irq, udev, pipe, onetouch->data,
- (maxp > 8 ? 8 : maxp),
+ usb_fill_int_urb(onetouch->irq, udev, pipe, onetouch->data, maxp,
usb_onetouch_irq, onetouch, endpoint->bInterval);
onetouch->irq->transfer_dma = onetouch->data_dma;
onetouch->irq->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2013-03-01 5:14 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-03-01 5:14 [patch] usb: storage: onetouch: tighten a range check Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox