[PATCH] spi: loopback-test: fix potential integer overflow on multiple

From: Colin Ian King
Date: Mon Mar 20 2017 - 09:58:05 EST


A multiplication of 8U * xfer-len with the type of a 32 bit unsigned int
is evaluated using 32 bit arithmetic and then used in a context that
expects an expression of type unsigned long long (64 bits). Avoid any
potential overflow by casting BITS_PER_BYTE to unsigned long long.

Detected by CoverityScan, CID#1419691 ("Unintentional integer overflow")

Fixes: ea9936f324356 ("spi: loopback-test: add elapsed time check")
Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>
---
drivers/spi/spi-loopback-test.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/spi/spi-loopback-test.c b/drivers/spi/spi-loopback-test.c
index fcae3377ec26..6888d5c34ac4 100644
--- a/drivers/spi/spi-loopback-test.c
+++ b/drivers/spi/spi-loopback-test.c
@@ -508,7 +508,8 @@ static int spi_test_check_elapsed_time(struct spi_device *spi,

for (i = 0; i < test->transfer_count; i++) {
struct spi_transfer *xfer = test->transfers + i;
- unsigned long long nbits = BITS_PER_BYTE * xfer->len;
+ unsigned long long nbits = (unsigned long long)BITS_PER_BYTE *
+ xfer->len;

delay_usecs += xfer->delay_usecs;
if (!xfer->speed_hz)
--
2.11.0