We should be testing the length before fitting into the u8 byte_count.
This is just a sanity check, the MCTP stack should have limited to MTU
which is checked, and we check consistency later in mctp_i2c_xmit().
Found by Smatch
mctp_i2c_header_create() warn: impossible condition
'(hdr->byte_count > 255) => (0-255 > 255)'
Signed-off-by: Matt Johnston <matt@codeconstruct.com.au>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
struct mctp_hdr *mhdr;
u8 lldst, llsrc;
+ if (len > MCTP_I2C_MAXMTU)
+ return -EMSGSIZE;
+
lldst = *((u8 *)daddr);
llsrc = *((u8 *)saddr);
hdr->dest_slave = (lldst << 1) & 0xff;
hdr->command = MCTP_I2C_COMMANDCODE;
hdr->byte_count = len + 1;
- if (hdr->byte_count > MCTP_I2C_MAXBLOCK)
- return -EMSGSIZE;
hdr->source_slave = ((llsrc << 1) & 0xff) | 0x01;
mhdr->ver = 0x01;