Commit 5112cab3 authored by Andrey Smirnov's avatar Andrey Smirnov Committed by Lee Jones

mfd: rave-sp: Check received frame length before accepting next byte

Check received frame length _before_ accepting next byte in order to
avoid incorrectly rejecting payloads that are RAVE_SP_RX_BUFFER_SIZE
long.
Signed-off-by: default avatarAndrey Smirnov <andrew.smirnov@gmail.com>
Tested-by: default avatarLucas Stach <l.stach@pengutronix.de>
Signed-off-by: default avatarLee Jones <lee.jones@linaro.org>
parent 44564bc3
......@@ -546,8 +546,6 @@ static int rave_sp_receive_buf(struct serdev_device *serdev,
/* FALLTHROUGH */
case RAVE_SP_EXPECT_ESCAPED_DATA:
deframer->data[deframer->length++] = byte;
if (deframer->length == sizeof(deframer->data)) {
dev_warn(dev, "Bad frame: Too long\n");
/*
......@@ -562,6 +560,8 @@ static int rave_sp_receive_buf(struct serdev_device *serdev,
goto reset_framer;
}
deframer->data[deframer->length++] = byte;
/*
* We've extracted out special byte, now we
* can go back to regular data collecting
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment