2013-03-22 13:22:10

by Wei Yongjun

[permalink] [raw]
Subject: [PATCH -next] mailbox: fix invalid use of sizeof in mailbox_msg_send()

From: Wei Yongjun <[email protected]>

sizeof() when applied to a pointer typed expression gives the
size of the pointer, not that of the pointed data.

Signed-off-by: Wei Yongjun <[email protected]>
---
drivers/mailbox/mailbox.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c
index 5fea5c2..e011a75 100644
--- a/drivers/mailbox/mailbox.c
+++ b/drivers/mailbox/mailbox.c
@@ -93,8 +93,8 @@ int mailbox_msg_send(struct mailbox *mbox, struct mailbox_msg *msg)
goto out;
}

- len = kfifo_in(&mq->fifo, (unsigned char *)msg, sizeof(msg));
- WARN_ON(len != sizeof(msg));
+ len = kfifo_in(&mq->fifo, (unsigned char *)msg, sizeof(*msg));
+ WARN_ON(len != sizeof(*msg));

if (msg->size && msg->pdata) {
len = kfifo_in(&mq->fifo, (unsigned char *)msg->pdata,


2013-03-23 03:25:01

by Suman Anna

[permalink] [raw]
Subject: RE: [PATCH -next] mailbox: fix invalid use of sizeof in mailbox_msg_send()

>
> sizeof() when applied to a pointer typed expression gives the size of the pointer,
> not that of the pointed data.
>
> Signed-off-by: Wei Yongjun <[email protected]>
> ---
> drivers/mailbox/mailbox.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c index
> 5fea5c2..e011a75 100644
> --- a/drivers/mailbox/mailbox.c
> +++ b/drivers/mailbox/mailbox.c
> @@ -93,8 +93,8 @@ int mailbox_msg_send(struct mailbox *mbox, struct
> mailbox_msg *msg)
> goto out;
> }
>
> - len = kfifo_in(&mq->fifo, (unsigned char *)msg, sizeof(msg));
> - WARN_ON(len != sizeof(msg));
> + len = kfifo_in(&mq->fifo, (unsigned char *)msg, sizeof(*msg));
> + WARN_ON(len != sizeof(*msg));

Thanks Wei, missed this one. In this same function, there is one more similar occurrence, which needs fixing as well.
--- a/drivers/mailbox/mailbox.c
+++ b/drivers/mailbox/mailbox.c
@@ -83,7 +83,7 @@ int mailbox_msg_send(struct mailbox *mbox, struct mailbox_msg

mutex_lock(&mq->mlock);

- if (kfifo_avail(&mq->fifo) < (sizeof(msg) + msg->size)) {
+ if (kfifo_avail(&mq->fifo) < (sizeof(*msg) + msg->size)) {
ret = -ENOMEM;
goto out;
}

Regards
Suman