Re: [PATCH v2 1/2] HID: u2fzero: explicitly check for errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 18/10/2021 16:15, Alan Stern wrote:
On Mon, Oct 18, 2021 at 02:21:43PM +0200, Andrej Shadura wrote:
The previous commit fixed handling of incomplete packets but broke error
handling: offsetof returns an unsigned value (size_t), but when compared
against the signed return value, the return value is interpreted as if
it were unsigned, so negative return values are never less than the
offset.

Fixes: 22d65765f211 ("HID: u2fzero: ignore incomplete packets without data")
Fixes: 42337b9d4d95 ("HID: add driver for U2F Zero built-in LED and RNG")
Signed-off-by: Andrej Shadura <andrew.shadura@xxxxxxxxxxxxxxx>
---
  drivers/hid/hid-u2fzero.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hid/hid-u2fzero.c b/drivers/hid/hid-u2fzero.c
index d70cd3d7f583..5145d758bea0 100644
--- a/drivers/hid/hid-u2fzero.c
+++ b/drivers/hid/hid-u2fzero.c
@@ -200,7 +200,7 @@ static int u2fzero_rng_read(struct hwrng *rng, void *data,
  	ret = u2fzero_recv(dev, &req, &resp);
/* ignore errors or packets without data */
-	if (ret < offsetof(struct u2f_hid_msg, init.data))
+	if (ret < 0 || ret < offsetof(struct u2f_hid_msg, init.data))

Although the patch description does a good job of explaining what's
happening, someone merely reading the code will most likely not
understand.

One alternative is to add a comment.  Another is simply to force a
signed integer comparison:

	if (ret < (ssize_t) offsetof(...

I have considered that, but I thought that is actually less readable than having two conditions. I’m curious that you say "ignore errors or packets without data" is not clear enough — how would you reword that without inflating it too much?

--
Cheers,
  Andrej



[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux