net: iosm: Prevent underflow in ipc_chnl_cfg_get()

Dan Carpenter · davem330 · commit 4f3f2e3fa043 · 2021-08-16T13:40:18.000+01:00
The bounds check on "index" doesn't catch negative values.  Using
ARRAY_SIZE() directly is more readable and more robust because it prevents
negative values for "index".  Fortunately we only pass valid values to
ipc_chnl_cfg_get() so this patch does not affect runtime.

Reported-by: Solomon Ucko &lt;solly.ucko@gmail.com&gt;
Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Reviewed-by: M Chetan Kumar &lt;m.chetan.kumar@intel.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
diff --git a/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c b/drivers/net/wwan/iosm/iosm_ipc_chnl_cfg.c
@@ -64,10 +64,9 @@ static struct ipc_chnl_cfg modem_cfg[] = {
 
 int ipc_chnl_cfg_get(struct ipc_chnl_cfg *chnl_cfg, int index)
 {
-	int array_size = ARRAY_SIZE(modem_cfg);
-
-	if (index >= array_size) {
-		pr_err("index: %d and array_size %d", index, array_size);
+	if (index >= ARRAY_SIZE(modem_cfg)) {
+		pr_err("index: %d and array size %zu", index,
+		       ARRAY_SIZE(modem_cfg));
 		return -ECHRNG;
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -64,10 +64,9 @@ static struct ipc_chnl_cfg modem_cfg[] = {`
`64`	`64`
`65`	`65`	`int ipc_chnl_cfg_get(struct ipc_chnl_cfg *chnl_cfg, int index)`
`66`	`66`	`{`
`67`		`- int array_size = ARRAY_SIZE(modem_cfg);`
`68`		`-`
`69`		`- if (index >= array_size) {`
`70`		`- pr_err("index: %d and array_size %d", index, array_size);`
	`67`	`+ if (index >= ARRAY_SIZE(modem_cfg)) {`
	`68`	`+ pr_err("index: %d and array size %zu", index,`
	`69`	`+ ARRAY_SIZE(modem_cfg));`
`71`	`70`	`return -ECHRNG;`
`72`	`71`	`}`
`73`	`72`