Re: [PATCH 8/8] platform: vivid-cec: fix potential integer overflow in vivid_cec_pin_adap_events

From: Hans Verkuil
Date: Tue Jan 30 2018 - 04:57:29 EST


On 01/30/2018 09:51 AM, Gustavo A. R. Silva wrote:
> Hi Hans,
>
> Quoting Hans Verkuil <hverkuil@xxxxxxxxx>:
>
>> Hi Gustavo,
>>
>> On 01/30/2018 01:33 AM, Gustavo A. R. Silva wrote:
>>> Cast len to const u64 in order to avoid a potential integer
>>> overflow. This variable is being used in a context that expects
>>> an expression of type const u64.
>>>
>>> Addresses-Coverity-ID: 1454996 ("Unintentional integer overflow")
>>> Signed-off-by: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx>
>>> ---
>>> drivers/media/platform/vivid/vivid-cec.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/media/platform/vivid/vivid-cec.c
>>> b/drivers/media/platform/vivid/vivid-cec.c
>>> index b55d278..30240ab 100644
>>> --- a/drivers/media/platform/vivid/vivid-cec.c
>>> +++ b/drivers/media/platform/vivid/vivid-cec.c
>>> @@ -83,7 +83,7 @@ static void vivid_cec_pin_adap_events(struct
>>> cec_adapter *adap, ktime_t ts,
>>> if (adap == NULL)
>>> return;
>>> ts = ktime_sub_us(ts, (CEC_TIM_START_BIT_TOTAL +
>>> - len * 10 * CEC_TIM_DATA_BIT_TOTAL));
>>> + (const u64)len * 10 * CEC_TIM_DATA_BIT_TOTAL));
>>
>> This makes no sense. Certainly the const part is pointless. And given that
>> len is always <= 16 there definitely is no overflow.
>>
>
> Yeah, I understand your point and I know there is no chance of an
> overflow in this particular case.
>
>> I don't really want this cast in the code.
>>
>> Sorry,
>>
>
> I'm working through all the Linux kernel Coverity reports, and I
> thought of sending a patch for this because IMHO it doesn't hurt to
> give the compiler complete information about the arithmetic in which
> an expression is intended to be evaluated.
>
> I agree that the _const_ part is a bit odd. What do you think about
> the cast to u64 alone?

What happens if you do: ((u64)CEC_TIM_START_BIT_TOTAL +

I think that forces everything else in the expression to be evaluated
as u64.

It definitely needs a comment that this fixes a bogus Coverity report.

Regards,

Hans

>
> I appreciate your feedback.
>
> Thanks
> --
> Gustavo
>
>
>
>
>