wusb: fix find_first_zero_bit() return value check

In wusb_cluster_id_get(), if no zero bits exist in wusb_cluster_id_table,
find_first_zero_bit() returns CLUSTER_IDS.

But it is impossible to detect that the bitmap is full because there
is an off-by-one error in the return value check.  It will cause
unexpected memory access by setting bit out of wusb_cluster_id_table
bitmap, and caller will get wrong cluster id.

Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: linux-usb@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
Akinobu Mita 2011-03-02 20:35:28 +09:00 committed by Greg Kroah-Hartman
parent 60b0bf0f11
commit 962f3ffa92
1 changed files with 1 additions and 1 deletions

View File

@ -320,7 +320,7 @@ u8 wusb_cluster_id_get(void)
u8 id; u8 id;
spin_lock(&wusb_cluster_ids_lock); spin_lock(&wusb_cluster_ids_lock);
id = find_first_zero_bit(wusb_cluster_id_table, CLUSTER_IDS); id = find_first_zero_bit(wusb_cluster_id_table, CLUSTER_IDS);
if (id > CLUSTER_IDS) { if (id >= CLUSTER_IDS) {
id = 0; id = 0;
goto out; goto out;
} }