Date: Fri, 31 Jan 2014 22:42:27 +0000 (UTC) From: Hans Petter Selasky <hselasky@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r261330 - head/sys/dev/usb/wlan Message-ID: <201401312242.s0VMgR9k041016@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hselasky Date: Fri Jan 31 22:42:26 2014 New Revision: 261330 URL: http://svnweb.freebsd.org/changeset/base/261330 Log: Fix a range check for maximum transmit length. The existing code was off by 4 bytes in one case. Approved by: kevlo @ MFC after: 2 weeks Modified: head/sys/dev/usb/wlan/if_run.c Modified: head/sys/dev/usb/wlan/if_run.c ============================================================================== --- head/sys/dev/usb/wlan/if_run.c Fri Jan 31 20:52:08 2014 (r261329) +++ head/sys/dev/usb/wlan/if_run.c Fri Jan 31 22:42:26 2014 (r261330) @@ -3070,10 +3070,10 @@ tr_setup: STAILQ_REMOVE_HEAD(&pq->tx_qh, next); m = data->m; - size = (sc->mac_ver == 0x5592) ? - RUN_MAX_TXSZ + sizeof(uint32_t) : RUN_MAX_TXSZ; + size = (sc->mac_ver == 0x5592) ? + sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); if ((m->m_pkthdr.len + - sizeof(data->desc) + 3 + 8) > size) { + size + 3 + 8) > RUN_MAX_TXSZ) { DPRINTF("data overflow, %u bytes\n", m->m_pkthdr.len); @@ -3085,8 +3085,6 @@ tr_setup: } pc = usbd_xfer_get_frame(xfer, 0); - size = (sc->mac_ver == 0x5592) ? - sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); usbd_copy_in(pc, 0, &data->desc, size); usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); size += m->m_pkthdr.len;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401312242.s0VMgR9k041016>