| Message ID | 20180207000424.GA32680@embeddedgus (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Tuesday, February 06, 2018 06:04:24 PM Gustavo A. R. Silva wrote: > Cast _pitch_ to u64 in order to give the compiler complete information > about the proper arithmetic to use. Notice that this variable is > being used in a context that expects an expression of type u64 > (64 bits, unsigned). > > The expression pitch * var->yres_virtual is currently being evaluated > using 32-bit arithmetic and the result of the operation is being stored > into variable mem, which is a variable of type u64. Based on that, > chances are there is a potential integer overflow as a result of the > operation. > > Addresses-Coverity-ID: 200655 ("Unintentional integer overflow") > Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Patch queued for 4.17, thanks. Best regards, -- Bartlomiej Zolnierkiewicz Samsung R&D Institute Poland Samsung Electronics -- To unsubscribe from this list: send the line "unsubscribe linux-fbdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/video/fbdev/vermilion/vermilion.c b/drivers/video/fbdev/vermilion/vermilion.c index 6f8d444..5172fa5 100644 --- a/drivers/video/fbdev/vermilion/vermilion.c +++ b/drivers/video/fbdev/vermilion/vermilion.c @@ -651,7 +651,7 @@ static int vmlfb_check_var_locked(struct fb_var_screeninfo *var, } pitch = ALIGN((var->xres * var->bits_per_pixel) >> 3, 0x40); - mem = pitch * var->yres_virtual; + mem = (u64)pitch * var->yres_virtual; if (mem > vinfo->vram_contig_size) { return -ENOMEM; }
Cast _pitch_ to u64 in order to give the compiler complete information about the proper arithmetic to use. Notice that this variable is being used in a context that expects an expression of type u64 (64 bits, unsigned). The expression pitch * var->yres_virtual is currently being evaluated using 32-bit arithmetic and the result of the operation is being stored into variable mem, which is a variable of type u64. Based on that, chances are there is a potential integer overflow as a result of the operation. Addresses-Coverity-ID: 200655 ("Unintentional integer overflow") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> --- drivers/video/fbdev/vermilion/vermilion.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)