wusb: fix find_first_zero_bit() return value check
In wusb_cluster_id_get(), if no zero bits exist in wusb_cluster_id_table, find_first_zero_bit() returns CLUSTER_IDS. But it is impossible to detect that the bitmap is full because there is an off-by-one error in the return value check. It will cause unexpected memory access by setting bit out of wusb_cluster_id_table bitmap, and caller will get wrong cluster id. Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Cc: linux-usb@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
parent
60b0bf0f11
commit
962f3ffa92
|
@ -320,7 +320,7 @@ u8 wusb_cluster_id_get(void)
|
||||||
u8 id;
|
u8 id;
|
||||||
spin_lock(&wusb_cluster_ids_lock);
|
spin_lock(&wusb_cluster_ids_lock);
|
||||||
id = find_first_zero_bit(wusb_cluster_id_table, CLUSTER_IDS);
|
id = find_first_zero_bit(wusb_cluster_id_table, CLUSTER_IDS);
|
||||||
if (id > CLUSTER_IDS) {
|
if (id >= CLUSTER_IDS) {
|
||||||
id = 0;
|
id = 0;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue