greybus: fix manifest parsing size bug
authorAlex Elder <elder@linaro.org>
Tue, 9 Sep 2014 18:55:09 +0000 (13:55 -0500)
committerGreg Kroah-Hartman <greg@kroah.com>
Tue, 9 Sep 2014 22:16:12 +0000 (15:16 -0700)
The type-specific "create" routines that get called while parsing
the descriptor entries in the module manifest assume the size they
are provided is the size of their data portion only--not including
the descriptor header.

Compute this value in greybus_new_module(), and pass it to those
functions rather than the full descriptor size.  Move a few
declarations to the innermost block that uses them.

Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
drivers/staging/greybus/core.c

index 4b7034dc8558c6b22212302347fdd3752cc15799..f239b9694fb93c7131fb39d33f1b503a04910d95 100644 (file)
@@ -354,10 +354,8 @@ struct greybus_device *greybus_new_module(struct device *parent,
 {
        struct greybus_device *gdev;
        struct greybus_manifest *manifest;
-       struct greybus_descriptor *desc;
        int retval;
        int overall_size;
-       int desc_size;
        u8 version_major;
        u8 version_minor;
 
@@ -395,6 +393,10 @@ struct greybus_device *greybus_new_module(struct device *parent,
        size -= sizeof(manifest->header);
        data += sizeof(manifest->header);
        while (size > 0) {
+               struct greybus_descriptor *desc;
+               u16 desc_size;
+               size_t data_size;
+
                if (size < sizeof(desc->header)) {
                        dev_err(parent, "remaining size %d too small\n", size);
                        goto error;
@@ -406,26 +408,27 @@ struct greybus_device *greybus_new_module(struct device *parent,
                                desc_size);
                        goto error;
                }
+               data_size = (size_t)desc_size - sizeof(desc->header);
 
                switch (le16_to_cpu(desc->header.type)) {
                case GREYBUS_TYPE_FUNCTION:
-                       retval = create_function(gdev, desc, desc_size);
+                       retval = create_function(gdev, desc, data_size);
                        break;
 
                case GREYBUS_TYPE_MODULE_ID:
-                       retval = create_module_id(gdev, desc, desc_size);
+                       retval = create_module_id(gdev, desc, data_size);
                        break;
 
                case GREYBUS_TYPE_SERIAL_NUMBER:
-                       retval = create_serial_number(gdev, desc, desc_size);
+                       retval = create_serial_number(gdev, desc, data_size);
                        break;
 
                case GREYBUS_TYPE_STRING:
-                       retval = create_string(gdev, desc, desc_size);
+                       retval = create_string(gdev, desc, data_size);
                        break;
 
                case GREYBUS_TYPE_CPORT:
-                       retval = create_cport(gdev, desc, desc_size);
+                       retval = create_cport(gdev, desc, data_size);
                        break;
 
                case GREYBUS_TYPE_INVALID: