mfd: rave-sp: Check received frame length before accepting next byte

Check received frame length _before_ accepting next byte in order to avoid incorrectly rejecting payloads that are RAVE_SP_RX_BUFFER_SIZE long. Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Tested-by: Lucas Stach <l.stach@pengutronix.de> Signed-off-by: Lee Jones <lee.jones@linaro.org>

mfd: rave-sp: Check received frame length before accepting next byte
Check received frame length _before_ accepting next byte in order to avoid incorrectly rejecting payloads that are RAVE_SP_RX_BUFFER_SIZE long. Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Tested-by: Lucas Stach <l.stach@pengutronix.de> Signed-off-by: Lee Jones <lee.jones@linaro.org>
5112cab3 · Andrey Smirnov · Lee Jones · 44564bc3 · 5112cab3
Commit 5112cab3 authored Mar 08, 2018 by Andrey Smirnov Committed by Lee Jones May 16, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

drivers/mfd/rave-sp.c drivers/mfd/rave-sp.c +2 -2

No files found.
--- a/drivers/mfd/rave-sp.c
+++ b/drivers/mfd/rave-sp.c
@@ -546,8 +546,6 @@ static int rave_sp_receive_buf(struct serdev_device *serdev,
 			/* FALLTHROUGH */

 		case RAVE_SP_EXPECT_ESCAPED_DATA:
-			deframer->data[deframer->length++] = byte;
-
 			if (deframer->length == sizeof(deframer->data)) {
 				dev_warn(dev, "Bad frame: Too long\n");
 				/*
@@ -562,6 +560,8 @@ static int rave_sp_receive_buf(struct serdev_device *serdev,
 				goto reset_framer;
 			}

+			deframer->data[deframer->length++] = byte;
+
 			/*
 			 * We've extracted out special byte, now we
 			 * can go back to regular data collecting