Message ID | 20240703154506.25584-1-amishin@t-argos.ru (mailing list archive) |
---|---|
State | Accepted |
Series | [v2] staging: iio: frequency: ad9834: Validate frequency parameter value |
On Wed, Jul 03, 2024 at 06:45:06PM +0300, Aleksandr Mishin wrote:
> In ad9834_write_frequency() clk_get_rate() can return 0. In such case
> ad9834_calc_freqreg() call will lead to division by zero. Checking
> 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.
> ad9834_write_frequency() is called from ad9834_write(), where fout is
> taken from text buffer, which can contain any value.
>
> Modify parameters checking.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 12b9d5bf76bf ("Staging: IIO: DDS: AD9833 / AD9834 driver")
> Suggested-by: Dan Carpenter <dan.carpenter@linaro.org>
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
> ---
> v1->v2: Check if clk_freq == 0 directly instead of fout == 0
> as suggested by Dan

Thanks!

Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>

regards,
dan carpenter

On Wed, 3 Jul 2024 18:29:43 +0200 Dan Carpenter <dan.carpenter@linaro.org> wrote:
> On Wed, Jul 03, 2024 at 06:45:06PM +0300, Aleksandr Mishin wrote:
> > In ad9834_write_frequency() clk_get_rate() can return 0. In such case
> > ad9834_calc_freqreg() call will lead to division by zero. Checking
> > 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.
> > ad9834_write_frequency() is called from ad9834_write(), where fout is
> > taken from text buffer, which can contain any value.
> >
> > Modify parameters checking.
> >
> > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> >
> > Fixes: 12b9d5bf76bf ("Staging: IIO: DDS: AD9833 / AD9834 driver")
> > Suggested-by: Dan Carpenter <dan.carpenter@linaro.org>
> > Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
> > ---
> > v1->v2: Check if clk_freq == 0 directly instead of fout == 0
> > as suggested by Dan
> >
> Thanks!
>
> Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
>
Applied and marked for stable.

> regards,
> dan carpenter
>

diff --git a/drivers/staging/iio/frequency/ad9834.c b/drivers/staging/iio/frequency/ad9834.c index a7a5cdcc6590..47e7d7e6d920 100644 --- a/drivers/staging/iio/frequency/ad9834.c +++ b/drivers/staging/iio/frequency/ad9834.c @@ -114,7 +114,7 @@ static int ad9834_write_frequency(struct ad9834_state *st, clk_freq = clk_get_rate(st->mclk); - if (fout > (clk_freq / 2)) + if (!clk_freq || fout > (clk_freq / 2)) return -EINVAL; regval = ad9834_calc_freqreg(clk_freq, fout);
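
Review bot: In the changed condition in ad9834_write_frequency(), a zero rate from clk_get_rate() and an out-of-range fout now share the same -EINVAL return, so userspace writing a valid frequency cannot tell a clock problem from a rejected value. Consider testing `!clk_freq` on its own line with a distinct error code, or at least add a short comment that this guards the division in ad9834_calc_freqreg(), since that reason currently lives only in the commit message. With clk_freq == 0 the old test `fout > (clk_freq / 2)` already rejected every non-zero fout, so the new clause only changes behaviour for fout == 0; a comment noting that would also help the next reader.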
In ad9834_write_frequency() clk_get_rate() can return 0. In such case
ad9834_calc_freqreg() call will lead to division by zero. Checking
'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.
ad9834_write_frequency() is called from ad9834_write(), where fout is
taken from text buffer, which can contain any value.

Modify parameters checking.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 12b9d5bf76bf ("Staging: IIO: DDS: AD9833 / AD9834 driver")
Suggested-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
---
v1->v2: Check if clk_freq == 0 directly instead of fout == 0
as suggested by Dan

 drivers/staging/iio/frequency/ad9834.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)