Re: [PATCH 8/8] platform: vivid-cec: fix potential integer overflow in vivid_cec_pin_adap_events
From: Hans Verkuil
Date: Tue Jan 30 2018 - 02:22:17 EST
Hi Gustavo,
On 01/30/2018 01:33 AM, Gustavo A. R. Silva wrote:
> Cast len to const u64 in order to avoid a potential integer
> overflow. This variable is being used in a context that expects
> an expression of type const u64.
>
> Addresses-Coverity-ID: 1454996 ("Unintentional integer overflow")
> Signed-off-by: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx>
> ---
> drivers/media/platform/vivid/vivid-cec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/media/platform/vivid/vivid-cec.c b/drivers/media/platform/vivid/vivid-cec.c
> index b55d278..30240ab 100644
> --- a/drivers/media/platform/vivid/vivid-cec.c
> +++ b/drivers/media/platform/vivid/vivid-cec.c
> @@ -83,7 +83,7 @@ static void vivid_cec_pin_adap_events(struct cec_adapter *adap, ktime_t ts,
> if (adap == NULL)
> return;
> ts = ktime_sub_us(ts, (CEC_TIM_START_BIT_TOTAL +
> - len * 10 * CEC_TIM_DATA_BIT_TOTAL));
> + (const u64)len * 10 * CEC_TIM_DATA_BIT_TOTAL));
This makes no sense. Certainly the const part is pointless. And given that
len is always <= 16 there definitely is no overflow.
I don't really want this cast in the code.
Sorry,
Hans
> cec_queue_pin_cec_event(adap, false, ts);
> ts = ktime_add_us(ts, CEC_TIM_START_BIT_LOW);
> cec_queue_pin_cec_event(adap, true, ts);
>