hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

usbnet: avoid integer overflow in start_xmit 

transfer_buffer_length is of type u32. It's therefore wrong to assign it
to a signed integer. This patch avoids the overflow.

It's worth noting that entry->length here is a long; perhaps it would be
beneficial at somepoint to change this to be unsigned as well, if
nothing else relies on its signedness for error conditions or the like.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Jason A. Donenfeld 2015-05-06 15:09:40 +02:00 committed by David S. Miller
parent 240b23c426
commit 3e4336a65a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
drivers/net/usb/usbnet.c
View File

@ -1285,7 +1285,7 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
struct net_device *net) struct net_device *net)
{ {
struct usbnet *dev = netdev_priv(net); struct usbnet *dev = netdev_priv(net);
int length; unsigned int length;
struct urb *urb = NULL; struct urb *urb = NULL;
struct skb_data *entry; struct skb_data *entry;
struct driver_info *info = dev->driver_info; struct driver_info *info = dev->driver_info;
@ -1413,7 +1413,7 @@ not_drop:
} }
} else } else
netif_dbg(dev, tx_queued, dev->net, netif_dbg(dev, tx_queued, dev->net,
"> tx, len %d, type 0x%x\n", length, skb->protocol); "> tx, len %u, type 0x%x\n", length, skb->protocol);
#ifdef CONFIG_PM #ifdef CONFIG_PM
deferred: deferred:
#endif #endif