linux-bluetooth.vger.kernel.org archive mirror
* [patch] Bluetooth: change min_t() cast in hci_reassembly()
@ 2012-02-28  6:57 Dan Carpenter
  2012-02-28 16:20 ` Marcel Holtmann
  2012-03-01  1:40 ` Johan Hedberg
  0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2012-02-28  6:57 UTC (permalink / raw)
  To: Marcel Holtmann; +Cc: Gustavo F. Padovan, linux-bluetooth, kernel-janitors

"count" is type int so the cast to __u16 truncates the high bits away
and triggers a Smatch static checker warning.  It looks like a high
value of count could cause a forever loop, but I didn't follow it
through to see if count is capped somewhere.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index e6cbb8a..db484a8 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -1966,7 +1966,7 @@ static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
 
 	while (count) {
 		scb = (void *) skb->cb;
-		len = min_t(__u16, scb->expect, count);
+		len = min_t(uint, scb->expect, count);
 
 		memcpy(skb_put(skb, len), data, len);
 
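Review bot: the `+` line casts a signed value to unsigned without a sign check. The changelog says `count` is `int`, and the loop runs on `while (count)`, so with `min_t(uint, scb->expect, count)` a negative `count` converts to a very large unsigned value and `len` quietly becomes `scb->expect` rather than the bad length being caught. Suggest rejecting `count < 0` before the loop, or making the parameter unsigned, so the comparison never depends on that conversion.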


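The truncation described in the patch message above, reproduced in user space as an added example (not code from the patch or from the kernel). The `min_t` macro is a stand-in, `uint16_t` stands in for `__u16`, and `reassemble()`, `enum cast`, the loop's bookkeeping and the inputs are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space stand-in for the kernel's min_t(): cast both operands, then compare. */
#define min_t(type, a, b) ((type)(a) < (type)(b) ? (type)(a) : (type)(b))

enum cast { CAST_U16, CAST_UINT };	/* hypothetical selector: old cast vs. patched cast */

/*
 * Simplified model of the loop (an assumption, not the kernel function):
 * every pass takes `len` bytes off both `count` and `expect`, and the loop
 * ends once the buffer is drained or the packet is complete.
 * Returns the bytes consumed, or -1 when a pass computes len == 0, the
 * point at which a loop without this check would stop making progress.
 */
static int reassemble(int count, uint16_t expect, enum cast c)
{
	int consumed = 0;

	while (count && expect) {
		int len;

		if (c == CAST_U16)
			len = min_t(uint16_t, expect, count);		/* before the patch */
		else
			len = min_t(unsigned int, expect, count);	/* after the patch */

		if (len == 0)
			return -1;
		count -= len;
		expect -= len;
		consumed += len;
	}
	return consumed;
}

int main(void)
{
	/* Constructed inputs: { count, expect } */
	static const int in[][2] = { { 50, 100 }, { 0x10000, 100 }, { 0x10004, 100 } };

	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
		printf("count=%d expect=%d  __u16: %d  uint: %d\n", in[i][0], in[i][1],
		       reassemble(in[i][0], (uint16_t)in[i][1], CAST_U16),
		       reassemble(in[i][0], (uint16_t)in[i][1], CAST_UINT));
	return 0;
}
```

With the 16-bit cast, any `count` whose low 16 bits are zero yields `len == 0`; a value such as 0x10004 first copies 4 bytes and then reaches the same state.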
* Re: [patch] Bluetooth: change min_t() cast in hci_reassembly()
From: Marcel Holtmann @ 2012-02-28 16:20 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Gustavo F. Padovan, linux-bluetooth, kernel-janitors

Hi Dan,

> "count" is type int so the cast to __u16 truncates the high bits away
> and triggers a Smatch static checker warning.  It looks like a high
> value of count could cause a forever loop, but I didn't follow it
> through to see if count is capped somewhere.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
> index e6cbb8a..db484a8 100644
> --- a/net/bluetooth/hci_core.c
> +++ b/net/bluetooth/hci_core.c
> @@ -1966,7 +1966,7 @@ static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
>  
>  	while (count) {
>  		scb = (void *) skb->cb;
> -		len = min_t(__u16, scb->expect, count);

this is a good idea since essentially packets are max u16.

Acked-by: Marcel Holtmann <marcel@holtmann.org>

Regards

Marcel




* Re: [patch] Bluetooth: change min_t() cast in hci_reassembly()
From: Johan Hedberg @ 2012-03-01  1:40 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Marcel Holtmann, Gustavo F. Padovan, linux-bluetooth,
	kernel-janitors

Hi Dan,

On Tue, Feb 28, 2012, Dan Carpenter wrote:
> "count" is type int so the cast to __u16 truncates the high bits away
> and triggers a Smatch static checker warning.  It looks like a high
> value of count could cause a forever loop, but I didn't follow it
> through to see if count is capped somewhere.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
> index e6cbb8a..db484a8 100644
> --- a/net/bluetooth/hci_core.c
> +++ b/net/bluetooth/hci_core.c
> @@ -1966,7 +1966,7 @@ static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
>  
>  	while (count) {
>  		scb = (void *) skb->cb;
> -		len = min_t(__u16, scb->expect, count);
> +		len = min_t(uint, scb->expect, count);
>  
>  		memcpy(skb_put(skb, len), data, len);
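
Review bot: `uint` in the `+` line would read better spelled out as `unsigned int`, the form normally passed to `min_t()` in kernel code. The changelog also leaves open whether `count` is capped by the callers; recording the answer there would tell a later reader whether the old `__u16` cast could actually be reached with a `count` above 0xffff.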

Applied to my bluetooth-next tree. Thanks.

Johan

