Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 5287bf726ff8a7353e883b73576710fd53dc88bb^! / . / drivers / usb / serial / cyberjack.c
commit5287bf726ff8a7353e883b73576710fd53dc88bb[log] [tgz]
authorDan Carpenter <dan.carpenter@oracle.com>Sun Oct 06 03:32:53 2013 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Mon Oct 07 00:07:18 2013 -0700
tree2eb133d1896892d95439812c74f8d0181d7c6def
parent5a3e2055c56c7c32b51d47bde78c7f7508ffea98 [diff] [blame]
USB: cyberjack: fix buggy integer overflow test

"old_rdtodo" and "size" are short type.  They are type promoted to int
and the condition is never true.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/usb/serial/cyberjack.c b/drivers/usb/serial/cyberjack.c
index 7814262..6e1b69d 100644
--- a/drivers/usb/serial/cyberjack.c
+++ b/drivers/usb/serial/cyberjack.c

@@ -279,7 +279,7 @@
 
 		old_rdtodo = priv->rdtodo;
 
-		if (old_rdtodo + size < old_rdtodo) {
+		if (old_rdtodo > SHRT_MAX - size) {
 			dev_dbg(dev, "To many bulk_in urbs to do.\n");
 			spin_unlock(&priv->lock);
 			goto resubmit;