UBI: fix check for "too many bytes"

commit 299d0c5b upstream. The comparison from the previous line seems to have been erroneously (partially) copied-and-pasted onto the next. The second line should be checking req.bytes, not req.lnum. Coverity CID #139400 Signed-off-by: Brian Norris <computersforpeace@gmail.com> [rw: Fixed comparison] Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Luis Henriques <luis.henriques@canonical.com>

UBI: fix check for "too many bytes"
commit 299d0c5b upstream. The comparison from the previous line seems to have been erroneously (partially) copied-and-pasted onto the next. The second line should be checking req.bytes, not req.lnum. Coverity CID #139400 Signed-off-by: Brian Norris <computersforpeace@gmail.com> [rw: Fixed comparison] Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
bfa53978 · Brian Norris · Luis Henriques · 1b1c41a9 · bfa53978
Commit bfa53978 authored Feb 28, 2015 by Brian Norris Committed by Luis Henriques May 05, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/mtd/ubi/cdev.c drivers/mtd/ubi/cdev.c +1 -1

No files found.
--- a/drivers/mtd/ubi/cdev.c
+++ b/drivers/mtd/ubi/cdev.c
@@ -451,7 +451,7 @@ static long vol_cdev_ioctl(struct file *file, unsigned int cmd,
 		/* Validate the request */
 		err = -EINVAL;
 		if (req.lnum < 0 || req.lnum >= vol->reserved_pebs ||
-		    req.bytes < 0 || req.lnum >= vol->usable_leb_size)
+		    req.bytes < 0 || req.bytes > vol->usable_leb_size)
 			break;

 		err = get_exclusive(desc);