This patch changes gdm_usb_send() and gdm_sdio_send() to return -EINVAL instead of calling BUG_ON if an invalid data length is passed to the functions. Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Reported-by: Michalis Pappas <mpappas@xxxxxxxxxxx> Signed-off-by: Ben Chan <benchan@xxxxxxxxxxxx> --- drivers/staging/gdm72xx/gdm_sdio.c | 3 ++- drivers/staging/gdm72xx/gdm_usb.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/staging/gdm72xx/gdm_sdio.c b/drivers/staging/gdm72xx/gdm_sdio.c index 0c6a3eb..9d2de6f 100644 --- a/drivers/staging/gdm72xx/gdm_sdio.c +++ b/drivers/staging/gdm72xx/gdm_sdio.c @@ -390,7 +390,8 @@ static int gdm_sdio_send(void *priv_dev, void *data, int len, u16 cmd_evt; unsigned long flags; - BUG_ON(len > TX_BUF_SIZE - TYPE_A_HEADER_SIZE); + if (len > TX_BUF_SIZE - TYPE_A_HEADER_SIZE) + return -EINVAL; spin_lock_irqsave(&tx->lock, flags); diff --git a/drivers/staging/gdm72xx/gdm_usb.c b/drivers/staging/gdm72xx/gdm_usb.c index cd8e6e4..971976c 100644 --- a/drivers/staging/gdm72xx/gdm_usb.c +++ b/drivers/staging/gdm72xx/gdm_usb.c @@ -312,7 +312,8 @@ static int gdm_usb_send(void *priv_dev, void *data, int len, return -ENODEV; } - BUG_ON(len > TX_BUF_SIZE - padding - 1); + if (len > TX_BUF_SIZE - padding - 1) + return -EINVAL; spin_lock_irqsave(&tx->lock, flags); -- 2.0.0.526.g5318336 _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
