Commit 054cf47d authored by Brian Norris's avatar Brian Norris Committed by Sasha Levin

UBI: fix check for "too many bytes"

[ Upstream commit 299d0c5b ]

The comparison from the previous line seems to have been erroneously
(partially) copied-and-pasted onto the next. The second line should be
checking req.bytes, not req.lnum.

Coverity CID #139400

Cc: stable <stable@vger.kernel.org>
Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
[rw: Fixed comparison]
Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
parent 256f3466
......@@ -453,7 +453,7 @@ static long vol_cdev_ioctl(struct file *file, unsigned int cmd,
/* Validate the request */
err = -EINVAL;
if (req.lnum < 0 || req.lnum >= vol->reserved_pebs ||
req.bytes < 0 || req.lnum >= vol->usable_leb_size)
req.bytes < 0 || req.bytes > vol->usable_leb_size)
break;
err = get_exclusive(desc);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment