On Sat, 2008-11-29 at 11:31 -0500, roel kluin wrote:
> unsigned req->data_len cannot be negative, and fix typo
>
> Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
> ---
> I am not sure whether this is what was intended, please review.
I think it was. The fix looks like we need it. However:
> diff --git a/drivers/scsi/libsas/sas_host_smp.c b/drivers/scsi/libsas/sas_host_smp.c
> index 16f9312..6eb0779 100644
> --- a/drivers/scsi/libsas/sas_host_smp.c
> +++ b/drivers/scsi/libsas/sas_host_smp.c
> @@ -199,12 +199,12 @@ int sas_smp_host_handler(struct Scsi_Host *shost, struct request *req,
> break;
>
> case SMP_DISCOVER:
> - req->data_len =- 16;
> - if (req->data_len < 0) {
> + if (req->data_len < 15) {
> req->data_len = 0;
> error = -EINVAL;
> goto out;
> }
What I don't like about this code is the magic numbers for lengths.
This patch now doubles them (and makes them even more magic by having <
n-1). How about fixing it like this instead:
if ((int)req->data_len < 0) {
...
That way the signed comparison just works if there was a negative
overflow?
Thanks,
James
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
