Re: [PATCH] iio: inkern: Avoid risky abs() usage in iio_multiply_value()

Next message: Jie Zhan: "Re: [PATCH RESEND 3/4] PM / devfreq: Fix governor_store() failing when device has no current governor"
Previous message: Frederic Weisbecker: "Re: [PATCH 03/15] sched/isolation: Separate housekeeping types in enum hk_type"
In reply to: Andy Shevchenko: "Re: [PATCH] iio: inkern: Avoid risky abs() usage in iio_multiply_value()"
Next in thread: Andy Shevchenko: "Re: [PATCH] iio: inkern: Avoid risky abs() usage in iio_multiply_value()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andy Shevchenko

Date: Tue Mar 31 2026 - 05:37:35 EST

On Tue, Mar 31, 2026 at 12:29:28PM +0300, Andy Shevchenko wrote:
> On Tue, Mar 31, 2026 at 10:49:59AM +0200, Romain Gantois wrote:
> > iio_multiply_value() passes integers val and val2 directly to abs(). This
> > is problematic because if a signed argument to abs is the lowest value for
> > its type, then the result is undefined due to overflow.
> >
> > Cast val and val2 to s64 before passing them to abs() to avoid this issue.

...

> > - *result = multiplier * abs(val);
> > - *result += div_s64(multiplier * abs(val2), denominator);
> > + *result = multiplier * abs((s64)val);
> > + *result += div_s64(multiplier * abs((s64)val2), denominator);
>
> Right, but here we get val and val2 from either static values from the driver
> (when it is SCALE channel), or when channel has PROCESSED support.
> In the latter one it might theoretically be possible to go till the INT_MIN,
> but practically I don't know how, except for the broken driver code in the
> first place. With that being said, I think it's better to validate somewhere
> the multipliers (when it's SCALE or PROCESSED channel). I also noted that
> for the _PROCESSED some drivers keep a garbage in val2. That probably needs
> to be addressed as well (exempli gratia: bmi270_read_raw() does that).

And start from the test cases actually.

--
With Best Regards,
Andy Shevchenko