UBI: fix check for "too many bytes"

[ Upstream commit 299d0c5b ] The comparison from the previous line seems to have been erroneously (partially) copied-and-pasted onto the next. The second line should be checking req.bytes, not req.lnum. Coverity CID #139400 Cc: stable <stable@vger.kernel.org> Signed-off-by: Brian Norris <computersforpeace@gmail.com> [rw: Fixed comparison] Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>

UBI: fix check for "too many bytes"
[ Upstream commit 299d0c5b ] The comparison from the previous line seems to have been erroneously (partially) copied-and-pasted onto the next. The second line should be checking req.bytes, not req.lnum. Coverity CID #139400 Cc: stable <stable@vger.kernel.org> Signed-off-by: Brian Norris <computersforpeace@gmail.com> [rw: Fixed comparison] Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
054cf47d · Brian Norris · Sasha Levin · 256f3466 · 054cf47d
Commit 054cf47d authored Feb 28, 2015 by Brian Norris Committed by Sasha Levin May 17, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/mtd/ubi/cdev.c drivers/mtd/ubi/cdev.c +1 -1

No files found.
--- a/drivers/mtd/ubi/cdev.c
+++ b/drivers/mtd/ubi/cdev.c
@@ -453,7 +453,7 @@ static long vol_cdev_ioctl(struct file *file, unsigned int cmd,
 		/* Validate the request */
 		err = -EINVAL;
 		if (req.lnum < 0 || req.lnum >= vol->reserved_pebs ||
-		    req.bytes < 0 || req.lnum >= vol->usable_leb_size)
+		    req.bytes < 0 || req.bytes > vol->usable_leb_size)
 			break;

 		err = get_exclusive(desc);