In l2cap_connect(), scid is an unsigned 16bit variable. Thus, it's
maximum value is L2CAP_CID_DYN_END (0xffff) and there is no need
to check for this value being exceeded.
Flagged by Smatch as:
.../l2cap_core.c:4165 l2cap_connect() warn: impossible condition '(scid > 65535) => (0-u16max > u16max)'
Signed-off-by: Simon Horman <horms@xxxxxxxxxx>
---
net/bluetooth/l2cap_core.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index ae397c6819d9..a5d85a5f5930 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -4161,8 +4161,12 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn,
result = L2CAP_CR_NO_MEM;
- /* Check for valid dynamic CID range (as per Erratum 3253) */
- if (scid < L2CAP_CID_DYN_START || scid > L2CAP_CID_DYN_END) {
+ /* Check for valid dynamic CID range (as per Erratum 3253).
+ * As scid is an unsigned 16bit variable it's maximum
+ * value is L2CAP_CID_DYN_END (0xffff): there is no need to check
+ * if scid exceeds that value here.
+ */
+ if (scid < L2CAP_CID_DYN_START) {
result = L2CAP_CR_INVALID_SCID;
goto response;
}
