net: dccp: fix sign bug

'gap' is unsigned, so this code is wrong: gap = -new_head; ... if (gap > 0) { ... } Make 'gap' signed. The semantic patch that finds this problem (many false-positive results): (http://coccinelle.lip6.fr/) // <smpl> @ r1 @ identifier f; @@ int f(...) { ... } @@ identifier r1.f; type T; unsigned T x; @@ *x = f(...) ... *x > 0 Signed-off-by: Kulikov Vasiliy <segooon@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-07-17 05:21:00 +00:00 · 2010-07-17 05:21:00 +00:00 · 8e64159dfb
--- a/net/dccp/ackvec.c
+++ b/net/dccp/ackvec.c
@ -201,7 +201,7 @@ static inline int dccp_ackvec_set_buf_head_state(struct dccp_ackvec *av,
 						 const unsigned int packets,
 						 const unsigned char state)
 {
-	unsigned int gap;
+	long gap;
 	long new_head;

 	if (av->av_vec_len + packets > DCCP_MAX_ACKVEC_LEN)