ipw2x00: signedness bug handling frame length

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This is basically just a cleanup. Large positive numbers get counted as
negative but then get implicitly cast to positive again for the checks
that matter.

This does make a small difference in ipw_handle_promiscuous_rx() when we
test "if (unlikely((len + IPW_RX_FRAME_SIZE) > skb_tailroom(rxb->skb)))"
It should return there, but we don't return until a couple lines later
when we test "if (len > IPW_RX_BUF_SIZE - sizeof(struct ipw_rt_hdr)) {".
The difference is that in the second test the sizeof() means that there
is an implied cast to unsigned.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

authored by

Dan Carpenter and committed by

John W. Linville 14 years ago 92c1ff1f ccde8a45

+2 -2

1 changed file

expand all

drivers

net

wireless

ipw2x00

ipw2200.c

+2 -2

drivers/net/wireless/ipw2x00/ipw2200.c

··· 7848 7848 * more efficiently than we can parse it. ORDER MATTERS HERE */ 7849 7849 struct ipw_rt_hdr *ipw_rt; 7850 7850 7851 - short len = le16_to_cpu(pkt->u.frame.length); 7851 + unsigned short len = le16_to_cpu(pkt->u.frame.length); 7852 7852 7853 7853 /* We received data from the HW, so stop the watchdog */ 7854 7854 dev->trans_start = jiffies; ··· 8023 8023 s8 signal = frame->rssi_dbm - IPW_RSSI_TO_DBM; 8024 8024 s8 noise = (s8) le16_to_cpu(frame->noise); 8025 8025 u8 rate = frame->rate; 8026 - short len = le16_to_cpu(pkt->u.frame.length); 8026 + unsigned short len = le16_to_cpu(pkt->u.frame.length); 8027 8027 struct sk_buff *skb; 8028 8028 int hdr_only = 0; 8029 8029 u16 filter = priv->prom_priv->filter;