| Message ID | 9863bc49abade85cad2ef6c1f535f61c2c24f163.1521806166.git.mchehab@s-opensource.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
diff --git a/drivers/media/i2c/ir-kbd-i2c.c b/drivers/media/i2c/ir-kbd-i2c.c index 1d11aab1817a..a7e23bcf845c 100644 --- a/drivers/media/i2c/ir-kbd-i2c.c +++ b/drivers/media/i2c/ir-kbd-i2c.c @@ -583,7 +583,7 @@ static int zilog_ir_format(struct rc_dev *rcdev, unsigned int *txbuf, /* first copy any leading non-repeating */ int leading = c - rep * 3; - if (leading + rep >= ARRAY_SIZE(code_block->codes) - 3) { + if (leading >= ARRAY_SIZE(code_block->codes) - 3 - rep) { dev_warn(&rcdev->dev, "IR too long, cannot transmit\n"); return -EINVAL; }
While the code is correct, it produces this warning: drivers/media/i2c/ir-kbd-i2c.c:593 zilog_ir_format() error: buffer overflow 'code_block->codes' 61 <= 173 As static analyzers may be tricked by arithmetic expressions on comparisions. So, change the order, in order to shut up this false-positive warning. That also makes easier for humans to understand that it won't be trying to go past buffer size. Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> --- drivers/media/i2c/ir-kbd-i2c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)