If the length paramter in len2dlc() exceeds the size of the len2dlc array, we return 0xF. This is equal to the last 16 members of the array. This patch removes these members from the array, uses ARRAY_SIZE() for the length check, and returns CANFD_MAX_DLC (which is 0xf). Reviewed-by: Vincent Mailhol <mailhol.vincent@xxxxxxxxxx> Link: https://lore.kernel.org/r/20210111141930.693847-9-mkl@xxxxxxxxxxxxxx Signed-off-by: Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx> --- drivers/net/can/dev/length.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/net/can/dev/length.c b/drivers/net/can/dev/length.c index 5e7d481717ea..d695a3bee1ed 100644 --- a/drivers/net/can/dev/length.c +++ b/drivers/net/can/dev/length.c @@ -27,15 +27,13 @@ static const u8 len2dlc[] = { 13, 13, 13, 13, 13, 13, 13, 13, /* 25 - 32 */ 14, 14, 14, 14, 14, 14, 14, 14, /* 33 - 40 */ 14, 14, 14, 14, 14, 14, 14, 14, /* 41 - 48 */ - 15, 15, 15, 15, 15, 15, 15, 15, /* 49 - 56 */ - 15, 15, 15, 15, 15, 15, 15, 15 /* 57 - 64 */ }; /* map the sanitized data length to an appropriate data length code */ u8 can_fd_len2dlc(u8 len) { - if (unlikely(len > 64)) - return 0xF; + if (len > ARRAY_SIZE(len2dlc)) + return CANFD_MAX_DLC; return len2dlc[len]; } -- 2.29.2