aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2013-03-01 00:14:19 -0500
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-03-15 14:45:16 -0400
commitbba90aedb00906a2f0d34325610729a1ee016f43 (patch)
tree825d4e5fd91842776212a7a9975c0ef9c1886a7e
parent39d35681d5380b403855202dcd75575a8d5b0ec1 (diff)
usb: storage: onetouch: tighten a range check
Smatch complains because we only allocate ONETOUCH_PKT_LEN (2) bytes but later when we call usb_fill_int_urb() we assume maxp can be up to 8 bytes. I talked to the maintainer and maxp should be capped at ONETOUCH_PKT_LEN. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat
-rw-r--r--drivers/usb/storage/onetouch.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/usb/storage/onetouch.c b/drivers/usb/storage/onetouch.c
index cb79de61f4c8..26964895c88b 100644
--- a/drivers/usb/storage/onetouch.c
+++ b/drivers/usb/storage/onetouch.c
@@ -195,6 +195,7 @@ static int onetouch_connect_input(struct us_data *ss)
195 195
196 pipe = usb_rcvintpipe(udev, endpoint->bEndpointAddress); 196 pipe = usb_rcvintpipe(udev, endpoint->bEndpointAddress);
197 maxp = usb_maxpacket(udev, pipe, usb_pipeout(pipe)); 197 maxp = usb_maxpacket(udev, pipe, usb_pipeout(pipe));
198 maxp = min(maxp, ONETOUCH_PKT_LEN);
198 199
199 onetouch = kzalloc(sizeof(struct usb_onetouch), GFP_KERNEL); 200 onetouch = kzalloc(sizeof(struct usb_onetouch), GFP_KERNEL);
200 input_dev = input_allocate_device(); 201 input_dev = input_allocate_device();
@@ -245,8 +246,7 @@ static int onetouch_connect_input(struct us_data *ss)
245 input_dev->open = usb_onetouch_open; 246 input_dev->open = usb_onetouch_open;
246 input_dev->close = usb_onetouch_close; 247 input_dev->close = usb_onetouch_close;
247 248
248 usb_fill_int_urb(onetouch->irq, udev, pipe, onetouch->data, 249 usb_fill_int_urb(onetouch->irq, udev, pipe, onetouch->data, maxp,
249 (maxp > 8 ? 8 : maxp),
250 usb_onetouch_irq, onetouch, endpoint->bInterval); 250 usb_onetouch_irq, onetouch, endpoint->bInterval);
251 onetouch->irq->transfer_dma = onetouch->data_dma; 251 onetouch->irq->transfer_dma = onetouch->data_dma;
252 onetouch->irq->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; 252 onetouch->irq->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-28 00:18:11 -0500