From 95edbc30db7882a45c4040747331cf613aa23c4a Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Tue, 22 Oct 2013 15:24:42 -0700 Subject: [PATCH] mwifiex: potential integer underflow in mwifiex_ret_wmm_get_status() Before we loop for next iteration we adjust the buffer pointer and "resp_len": curr += (tlv_len + sizeof(tlv_hdr->header)); resp_len -= (tlv_len + sizeof(tlv_hdr->header)); If "resp_len" gets set to negative then it counts as a high positive value. Signed-off-by: Dan Carpenter Signed-off-by: Amitkumar Karwar Signed-off-by: Bing Zhao Signed-off-by: John W. Linville --- Reading git-format-patch failed