Variables stNVMReadWrite.uioffset and stNVMReadWrite.uiNumBytes are chosen from userspace and can be very high. The sum of these two digits would result in a small number. Therefore, this patch reorganizes the equation to remove the integer overflow. Signed-off-by: Kevin McKinney <klmckinney1@xxxxxxxxx> --- drivers/staging/bcm/Bcmchar.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c index 47d6818..a76eebe 100644 --- a/drivers/staging/bcm/Bcmchar.c +++ b/drivers/staging/bcm/Bcmchar.c @@ -1372,7 +1372,7 @@ cntrlEnd: Status = BcmFlash2xCorruptSig(Adapter, Adapter->eActiveDSD); if (Status != STATUS_SUCCESS) { - if (((stNVMReadWrite.uiOffset + stNVMReadWrite.uiNumBytes) != Adapter->uiNVMDSDSize) || + if ((stNVMReadWrite.uiOffset != (Adapter->uiNVMDSDSize - stNVMReadWrite.uiNumBytes)) || (stNVMReadWrite.uiNumBytes < SIGNATURE_SIZE)) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "DSD Sig is present neither in Flash nor User provided Input.."); -- 1.7.4.1
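Review bot: the subtraction in the new condition, `Adapter->uiNVMDSDSize - stNVMReadWrite.uiNumBytes`, has no check that uiNumBytes is not larger than uiNVMDSDSize, so it can wrap in the same way the addition could. If these fields are unsigned, as the `ui` prefix suggests, then `a + b != c` and `a != c - b` are the same test modulo the integer width, and every offset/length pair that slipped past the old comparison through wraparound slips past the new one too. The other term of the condition, `stNVMReadWrite.uiNumBytes < SIGNATURE_SIZE`, only bounds the length from below. Suggest rejecting `stNVMReadWrite.uiNumBytes > Adapter->uiNVMDSDSize` explicitly before the subtraction is evaluated, so that the difference is known not to underflow and the comparison against uiOffset means what the commit message intends. The commit message would also be clearer if it stated the types of the fields involved and which bound makes the rearranged expression safe.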