hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NFC: potential integer overflow problem in check_crc() 

If "buf[0]" is 255 then "len" gets set to 0.  The call to
"crc_ccitt(0xffff, buf, len - 2);" casts the "len - 2" to a high
positive number which is ugly.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Dan Carpenter 2012-05-18 10:36:47 +03:00 committed by John W. Linville
parent f380f2c4a1
commit 885ba1da68
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/nfc/pn544_hci.c
View File

@ -232,7 +232,7 @@ static int pn544_hci_i2c_write(struct i2c_client *client, u8 *buf, int len)
static int check_crc(u8 *buf, int buflen) static int check_crc(u8 *buf, int buflen)
{ {
u8 len; int len;
u16 crc; u16 crc;
len = buf[0] + 1; len = buf[0] + 1;