Hello Simon.
On 07.03.23 09:42, Simon Horman wrote:
On Mon, Mar 06, 2023 at 11:18:24AM -0800, Harshit Mogalapalli wrote:
mac_len is of type unsigned, which can never be less than zero.
mac_len = ieee802154_hdr_peek_addrs(skb, &header);
if (mac_len < 0)
return mac_len;
Change this to type int as ieee802154_hdr_peek_addrs() can return negative
integers, this is found by static analysis with smatch.
Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>
I discussed this briefly with Harshit offline.
The commit referenced above tag does add the call to
ieee802154_hdr_peek_addrs(), an there is a sign miss match between
the return value and the variable.
The code to check the mac_len was added more recently, by the following
commit. However the fixes tag is probably fine as-is, because it's fixing
error handling of a call made in that commit.
6c993779ea1d ("ca8210: fix mac_len negative array access")
Reviewed-by: Simon Horman <simon.horman@xxxxxxxxxxxx>
I agree that the commit above is the better Fixes tag as it makes clear
it only comes after this change. I amended the commit message
accordingly when applying this to wpan.
regards
Stefan Schmidt