On Fri, Nov 06, 2015 at 11:42:50PM +0200, Andy Shevchenko wrote:
> On Fri, Nov 6, 2015 at 5:18 PM, Ivan Safonov <insafonov@xxxxxxxxx> wrote:
> > psecuritypriv->authenticator_ie[0] = (unsigned char)psecnetwork->IELength; > > > > - if ((psecnetwork->IELength-12) < (256-1)) > > - memcpy(&psecuritypriv->authenticator_ie[1], &psecnetwork->IEs[12], psecnetwork->IELength-12); > > - else > > - memcpy(&psecuritypriv->authenticator_ie[1], &psecnetwork->IEs[12], (256-1)); > > + memcpy(&psecuritypriv->authenticator_ie[1], &psecnetwork->IEs[12], min_t(int, psecnetwork->IELength - 12, 256 - 1)); > > > > Run checkpatch.pl. The long line was there in the original so it's forgivable but probably should be changed in v2.

The main thing though is that this looks to introduce a memory corruption bug because the original used unsigned comparison and we have changed it to doing "int" comparison. It should be u32 like in the original code. Or size_t would be ok too.

> > 256 looks like sizeof(…).

Yup.

regards,
dan carpenter
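
Review bot: the min_t(int, ...) on the added memcpy line turns the length clamp into a signed comparison, so when psecnetwork->IELength is below 12 the difference is negative, min_t returns it, and memcpy receives it converted to a very large size_t. The removed if/else compared unsigned, where the same wrapped value failed the `< (256-1)` test and fell through to the 255-byte copy. Keep the comparison in the field's unsigned type, for example `min_t(u32, psecnetwork->IELength - 12, 256 - 1)` as the reply suggests, and consider rejecting IELength < 12 before the subtraction, since the clamp alone still copies 255 bytes starting at &psecnetwork->IEs[12] in that case. The added line is also far longer than the two it replaces; computing the length into a local first would shorten it.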
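
The signed-versus-unsigned point made in the reply, as an added userspace example that is not code from the thread or the driver. It assumes IELength is a 32-bit unsigned field, as the reply states; `min_t` here is a simplified stand-in for the kernel macro, and the function names and sample lengths are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IE_OFFSET   12         /* offset used in the hunk: &IEs[12] */
#define AUTH_IE_MAX (256 - 1)  /* same constant as in the hunk */

/* Simplified stand-in for the kernel's min_t(): cast both sides, then compare. */
#define min_t(type, a, b) ((type)(a) < (type)(b) ? (type)(a) : (type)(b))

/* Length chosen by the removed if/else: the comparison is unsigned. */
size_t len_original(uint32_t ie_length)
{
	if ((ie_length - IE_OFFSET) < AUTH_IE_MAX)
		return ie_length - IE_OFFSET;
	return AUTH_IE_MAX;
}

/* Length the added line hands to memcpy(): the comparison is signed. */
size_t len_min_t_int(uint32_t ie_length)
{
	return (size_t)min_t(int, ie_length - IE_OFFSET, AUTH_IE_MAX);
}

/* Length with the type the reply asks for: unsigned again. */
size_t len_min_t_u32(uint32_t ie_length)
{
	return min_t(uint32_t, ie_length - IE_OFFSET, AUTH_IE_MAX);
}

int main(void)
{
	/* Constructed sample lengths: short IE, exact offset, normal, oversized. */
	const uint32_t samples[] = { 8, 12, 40, 300 };

	printf("%8s %22s %22s %22s\n", "IELength", "original", "min_t(int)", "min_t(u32)");
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%8u %22zu %22zu %22zu\n", (unsigned)samples[i],
		       len_original(samples[i]),
		       len_min_t_int(samples[i]),
		       len_min_t_u32(samples[i]));
	return 0;
}
```

Only the row for an IELength below 12 differs: the signed variant yields a length near SIZE_MAX, while both unsigned variants stay clamped at 255.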