summaryrefslogtreecommitdiffstats
path: root/drivers/nfc
diff options
context:
space:
mode:
authorAlexander Usyskin <alexander.usyskin@intel.com>2016-10-31 19:02:39 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2016-10-31 10:25:22 -0600
commit582ab27a063a506ccb55fc48afcc325342a2deba (patch)
tree022881574d27b4ef75f42ca1da13d1bea27fe1d9 /drivers/nfc
parenta909d3e636995ba7c349e2ca5dbb528154d4ac30 (diff)
downloadlinux-stable-582ab27a063a506ccb55fc48afcc325342a2deba.tar.gz
linux-stable-582ab27a063a506ccb55fc48afcc325342a2deba.tar.bz2
linux-stable-582ab27a063a506ccb55fc48afcc325342a2deba.zip
mei: bus: fix received data size check in NFC fixup
NFC version reply size checked against only header size, not against full message size. That may lead potentially to uninitialized memory access in version data. That leads to warnings when version data is accessed: drivers/misc/mei/bus-fixup.c: warning: '*((void *)&ver+11)' may be used uninitialized in this function [-Wuninitialized]: => 212:2 Reported in Build regressions/improvements in v4.9-rc3 https://lkml.org/lkml/2016/10/30/57 Fixes: 59fcd7c63abf (mei: nfc: Initial nfc implementation) Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/nfc')
-rw-r--r--drivers/nfc/mei_phy.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/nfc/mei_phy.c b/drivers/nfc/mei_phy.c
index 83deda4bb4d6..6f9563a96488 100644
--- a/drivers/nfc/mei_phy.c
+++ b/drivers/nfc/mei_phy.c
@@ -133,7 +133,7 @@ static int mei_nfc_if_version(struct nfc_mei_phy *phy)
return -ENOMEM;
bytes_recv = mei_cldev_recv(phy->cldev, (u8 *)reply, if_version_length);
- if (bytes_recv < 0 || bytes_recv < sizeof(struct mei_nfc_reply)) {
+ if (bytes_recv < 0 || bytes_recv < if_version_length) {
pr_err("Could not read IF version\n");
r = -EIO;
goto err;