Re: [PATCH] tpm/tpm_i2c_stm_st33: Check return code ofget_burstcount (fix CID: 986658)

From: Greg KH
Date: Tue Oct 29 2013 - 20:06:25 EST


On Wed, Oct 30, 2013 at 12:54:20AM +0100, Peter Huewe wrote:
> Coverity complains about
> "Improper use of negative value
> The negative value may be unexpected by later operations, causing
> incorrect computations.
> In tpm_stm_i2c_send: Negative value can be returned from function is not
> being checked before being used improperly (CWE-394)"
>
> The 'get_burstcount' function can in some circumstances 'return -EBUSY' which
> in tpm_stm_i2c_send is stored in an 'u32 burstcnt'
> thus converting the signed value into an unsigned value, resulting
> in 'burstcnt' being huge.
> Changing the type to u32 only does not solve the problem as the signed
> value is converted to an unsigned in I2C_WRITE_DATA, resulting in the
> same effect.
>
> Thus
> -> Change type of burstcnt to u32 (the return type of get_burstcount)
> -> Add a check for the return value of 'get_burstcount' and propagate a
> potential error.
>
> This makes also sense in the 'I2C_READ_DATA' case, where the there is no
> signed/unsigned conversion.
>
> CID: 986658

What is this field for?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/