NFC: potential integer overflow problem in check_crc()
authorDan Carpenter <dan.carpenter@oracle.com>
Fri, 18 May 2012 07:36:47 +0000 (10:36 +0300)
committerJohn W. Linville <linville@tuxdriver.com>
Fri, 25 May 2012 15:16:16 +0000 (11:16 -0400)
commit885ba1da689299ec52e646ca1a2429b8de55f364
tree14cda3eb36796e77510994306c73197f47a5ff16
parentf380f2c4a12e913356bd49f8790ec1063c4fe9f8
NFC: potential integer overflow problem in check_crc()

If "buf[0]" is 255 then "len" gets set to 0.  The call to
"crc_ccitt(0xffff, buf, len - 2);" casts the "len - 2" to a high
positive number which is ugly.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/nfc/pn544_hci.c