Message ID | b082aae4-8366-91a6-e8ff-d8cbbff77b09@omp.ru (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | usb: host: xhci-dbgtty: fix check in dbc_tty_write() | expand |
Index: usb/drivers/usb/host/xhci-dbgtty.c =================================================================== --- usb.orig/drivers/usb/host/xhci-dbgtty.c +++ usb/drivers/usb/host/xhci-dbgtty.c @@ -216,7 +216,7 @@ static int dbc_tty_write(struct tty_stru unsigned long flags; spin_lock_irqsave(&port->port_lock, flags); - if (count) + if (count > 0) count = kfifo_in(&port->write_fifo, buf, count); dbc_start_tx(port); spin_unlock_irqrestore(&port->port_lock, flags);
The 'int count' parameter of the tty write() method gets assigned to *unsigned long* local variable in the fifo_in() macro which implies a problematic type cast. Fix the 'count' check before the fifo_in() invocation to account for the signed type of the 'count' parameter... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru> --- drivers/usb/host/xhci-dbgtty.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)