mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-01 22:54:01 +00:00
Code Issues Releases Wiki Activity

staging: most: usb: fix size overflow

Browse source 
Despite the user payload may not be bigger than (2**16 - 1) bytes, the
final packet size may be bigger because of the gap space needed for the
controller.

This patch removes the temporary variables of the type u16 that are used
to hold the offsets that may be bigger than 2**16 bytes.

Signed-off-by: Andrey Shvetsov <andrey.shvetsov@k2l.de>
Signed-off-by: Christian Gromm <christian.gromm@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Andrey Shvetsov 2017-04-07 15:38:39 +02:00 committed by Greg Kroah-Hartman
parent f500192890
commit 5c13155d19
1 changed files with 3 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
drivers/staging/most/hdm-usb/hdm_usb.c
View file

@ -281,7 +281,6 @@ static int hdm_add_padding(struct most_dev *mdev, int channel, struct mbo *mbo)
struct most_channel_config *conf = &mdev->conf[channel];
unsigned int frame_size = get_stream_frame_size(conf);
unsigned int j, num_frames;
u16 rd_addr, wr_addr;
if (!frame_size)
return -EIO;
@ -293,13 +292,10 @@ static int hdm_add_padding(struct most_dev *mdev, int channel, struct mbo *mbo)
return -EIO;
}
for (j = 1; j < num_frames; j++) {
wr_addr = (num_frames - j) * USB_MTU;
rd_addr = (num_frames - j) * frame_size;
memmove(mbo->virt_address + wr_addr,
mbo->virt_address + rd_addr,
for (j = num_frames - 1; j > 0; j--)
memmove(mbo->virt_address + j * USB_MTU,
mbo->virt_address + j * frame_size,
frame_size);
}
mbo->buffer_length = num_frames * USB_MTU;
return 0;
}