Comparing an int to a size, which is unsigned, causes the int to become unsigned, giving the wrong result. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @safe disable not_int2@ int x; position p; binary operator op = {<,<=}; expression e; @@ ( x < 0 || (x@p op e) | x <= 0 || (x@p op e) | x > 0 && (x@p op e) | x >= 0 && (x@p op e) ) @@ int x; type t; expression e,e1; identifier f != {strlen,resource_size}; position p != safe.p; binary operator op = {<,<=}; @@ *x = f(...); ... when != x = e1 when != if (x < 0 || ...) { ... return ...; } ( *x@p op sizeof(e) | *x@p op sizeof(t) ) // </smpl> --- drivers/input/mouse/elan_i2c_smbus.c | 2 +- drivers/media/usb/gspca/kinect.c | 2 +- drivers/usb/wusbcore/security.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html