Fix a range check for maximum transmit length. The existing code was

off by 4 bytes in one case. Approved by: kevlo @ MFC after: 2 weeks
svn path=/head/; revision=261330
2014-01-31 22:42:26 +00:00 · 2014-01-31 22:42:26 +00:00 · 198fc7c37f · 2020-12-20 02:59:44 +00:00
commit 198fc7c37f
parent f15444cc97
1 changed files with 3 additions and 5 deletions
--- a/sys/dev/usb/wlan/if_run.c
+++ b/sys/dev/usb/wlan/if_run.c
@ -3070,10 +3070,10 @@ run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
 		STAILQ_REMOVE_HEAD(&pq->tx_qh, next);

 		m = data->m;
-		size = (sc->mac_ver == 0x5592) ? 
-		    RUN_MAX_TXSZ + sizeof(uint32_t) : RUN_MAX_TXSZ;
+		size = (sc->mac_ver == 0x5592) ?
+		    sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
 		if ((m->m_pkthdr.len +
-		    sizeof(data->desc) + 3 + 8) > size) {
+		    size + 3 + 8) > RUN_MAX_TXSZ) {
 			DPRINTF("data overflow, %u bytes\n",
 			    m->m_pkthdr.len);

@ -3085,8 +3085,6 @@ run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
 		}

 		pc = usbd_xfer_get_frame(xfer, 0);
-		size = (sc->mac_ver == 0x5592) ?
-		    sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
 		usbd_copy_in(pc, 0, &data->desc, size);
 		usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
 		size += m->m_pkthdr.len;