brcm80211: fmac: resolve smatch issues in brcmfmac code
authorArend van Spriel <arend@broadcom.com>
Thu, 9 Feb 2012 20:09:00 +0000 (21:09 +0100)
committerJohn W. Linville <linville@tuxdriver.com>
Wed, 22 Feb 2012 19:48:51 +0000 (14:48 -0500)
This patch resolves the following smatch issues:

wl_cfg80211.c +1377 brcmf_cfg80211_connect(65) warn: min_t truncates
here '(sme->ssid_len)' (4294967295 vs 9223372036854775807)
dhd_sdio.c +1275 brcmf_sdbrcm_rxglom(156) warn: min_t truncates here
'(pfirst->len)' (2147483647 vs 4294967295)
dhd_sdio.c +1457 brcmf_sdbrcm_rxglom(338) warn: min_t truncates here
'(pfirst->len)' (2147483647 vs 4294967295)
bcmsdh_sdmmc.c +300 brcmf_sdioh_request_buffer(10) warn: variable
dereferenced before check 'pkt' (see line 295)

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/brcm80211/brcmfmac/bcmsdh_sdmmc.c
drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c

index ac71adeece51aa0f4bcb343de17e2abfbd130bde..b698a76f8550781fd2ce1ee0458c0657580036ea 100644 (file)
@@ -294,13 +294,14 @@ int brcmf_sdioh_request_buffer(struct brcmf_sdio_dev *sdiodev,
                               struct sk_buff *pkt)
 {
        int status;
-       uint pkt_len = pkt->len;
+       uint pkt_len;
        bool fifo = (fix_inc == SDIOH_DATA_FIX);
 
        brcmf_dbg(TRACE, "Enter\n");
 
        if (pkt == NULL)
                return -EINVAL;
+       pkt_len = pkt->len;
 
        brcmf_pm_resume_wait(sdiodev, &sdiodev->request_buffer_wait);
        if (brcmf_pm_resume_error(sdiodev))
index 74c95a597950426f10fc1029d4f0b2faea31ce38..e95a883c77daa08b91b585a5f1351a168b5dc96d 100644 (file)
@@ -1376,7 +1376,7 @@ brcmf_cfg80211_connect(struct wiphy *wiphy, struct net_device *ndev,
        memset(&join_params, 0, sizeof(join_params));
        join_params_size = sizeof(join_params.ssid_le);
 
-       ssid.SSID_len = min_t(u32, sizeof(ssid.SSID), sme->ssid_len);
+       ssid.SSID_len = min_t(u32, sizeof(ssid.SSID), (u32)sme->ssid_len);
        memcpy(&join_params.ssid_le.SSID, sme->ssid, ssid.SSID_len);
        memcpy(&ssid.SSID, sme->ssid, ssid.SSID_len);
        join_params.ssid_le.SSID_len = cpu_to_le32(ssid.SSID_len);