Hello Simon. On 07.03.23 09:42, Simon Horman wrote:
On Mon, Mar 06, 2023 at 11:18:24AM -0800, Harshit Mogalapalli wrote:mac_len is of type unsigned, which can never be less than zero. mac_len = ieee802154_hdr_peek_addrs(skb, &header); if (mac_len < 0) return mac_len; Change this to type int as ieee802154_hdr_peek_addrs() can return negative integers, this is found by static analysis with smatch. Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>I discussed this briefly with Harshit offline. The commit referenced above tag does add the call to ieee802154_hdr_peek_addrs(), an there is a sign miss match between the return value and the variable. The code to check the mac_len was added more recently, by the following commit. However the fixes tag is probably fine as-is, because it's fixing error handling of a call made in that commit. 6c993779ea1d ("ca8210: fix mac_len negative array access") Reviewed-by: Simon Horman <simon.horman@xxxxxxxxxxxx>
I agree that the commit above is the better Fixes tag as it makes clear it only comes after this change. I amended the commit message accordingly when applying this to wpan.
regards Stefan Schmidt
