From c2f9a4e4a5abfc84c01b738496b3fd2d471e0b18 Mon Sep 17 00:00:00 2001

From: Colin Ian King <colin.king@canonical.com>

Date: Sun, 26 Jan 2020 00:09:54 +0000

Subject: [Backport c2f9a4e4a5ab] iwlegacy: ensure loop counter addr does not

 wrap and cause an infinite loop

The loop counter addr is a u16 where as the upper limit of the loop

is an int. In the unlikely event that the il->cfg->eeprom_size is

greater than 64K then we end up with an infinite loop since addr will

wrap around an never reach upper loop limit. Fix this by making addr

an int.

Addresses-Coverity: ("Infinite loop")

Fixes: be663ab67077 ("iwlwifi: split the drivers for agn and legacy devices 3945/4965")

Signed-off-by: Colin Ian King <colin.king@canonical.com>

Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>

Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

---

 src/common.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common.c b/src/common.c

index d966b29b45ee7716499edae1ff171cd77176604b..348c17ce72f5cd57b66fb5ae161b2381b3585bf3 100644

--- a/src/common.c

+++ b/src/common.c

@@ -699,7 +699,7 @@ il_eeprom_init(struct il_priv *il)

 	u32 gp = _il_rd(il, CSR_EEPROM_GP);

 	int sz;

 	int ret;

-	u16 addr;

+	int addr;

 	/* allocate eeprom */

 	sz = il->cfg->eeprom_size;

-- 

2.31.1