Sean MacLennan fixed this in the rtl8192e driver and we should fix
it here as well.
It's pretty harmless. This information comes from the firmware, if
we were to hit this bug we would read beyond the end of the array
once or twice before returning and update our statistics with bogus
data.
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
diff --git a/drivers/staging/rtl8192u/r819xU_cmdpkt.c b/drivers/staging/rtl8192u/r819xU_cmdpkt.c
index 002d9b4e..6810766 100644
--- a/drivers/staging/rtl8192u/r819xU_cmdpkt.c
+++ b/drivers/staging/rtl8192u/r819xU_cmdpkt.c
@@ -727,7 +727,7 @@ cmpk_message_handle_rx(
element type. Because FW may aggregate RX command packet to minimize
transmit time between DRV and FW.*/
// Add a counter to prevent the lock in the loop from being held too long
- while (total_length > 0 || exe_cnt++ >100)
+ while (total_length > 0 && exe_cnt++ < 100)
{
/* 2007/01/17 MH We support aggregation of different cmd in the same packet. */
element_id = pcmd_buff[0];
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
