| Message ID | 20240703104734.12034-1-amishin@t-argos.ru (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | staging: iio: frequency: ad9834: Validate frequency parameter value | expand |
On Wed, Jul 03, 2024 at 01:47:34PM +0300, Aleksandr Mishin wrote: > In ad9834_write_frequency() clk_get_rate() can return 0. In such case > ad9834_calc_freqreg() call will lead to division by zero. Checking > 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. > ad9834_write_frequency() is called from ad9834_write(), where fout is > taken from text buffer, which can contain any value. > > Modify parameters checking. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: 12b9d5bf76bf ("Staging: IIO: DDS: AD9833 / AD9834 driver") > Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> > --- > drivers/staging/iio/frequency/ad9834.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/staging/iio/frequency/ad9834.c b/drivers/staging/iio/frequency/ad9834.c > index a7a5cdcc6590..9e42129f44f7 100644 > --- a/drivers/staging/iio/frequency/ad9834.c > +++ b/drivers/staging/iio/frequency/ad9834.c > @@ -114,7 +114,7 @@ static int ad9834_write_frequency(struct ad9834_state *st, > > clk_freq = clk_get_rate(st->mclk); > > - if (fout > (clk_freq / 2)) > + if (!fout || fout > (clk_freq / 2)) So you don't want "clk_freq" to be zero so you check if "fout" can be zero and do the algebra? That's a lot of acrobatics. Just check if clk_freq == 0 directly. regards, dan carpenter > return -EINVAL; > > regval = ad9834_calc_freqreg(clk_freq, fout); > -- > 2.30.2 >
diff --git a/drivers/staging/iio/frequency/ad9834.c b/drivers/staging/iio/frequency/ad9834.c index a7a5cdcc6590..9e42129f44f7 100644 --- a/drivers/staging/iio/frequency/ad9834.c +++ b/drivers/staging/iio/frequency/ad9834.c @@ -114,7 +114,7 @@ static int ad9834_write_frequency(struct ad9834_state *st, clk_freq = clk_get_rate(st->mclk); - if (fout > (clk_freq / 2)) + if (!fout || fout > (clk_freq / 2)) return -EINVAL; regval = ad9834_calc_freqreg(clk_freq, fout);
In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value. Modify parameters checking. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 12b9d5bf76bf ("Staging: IIO: DDS: AD9833 / AD9834 driver") Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> --- drivers/staging/iio/frequency/ad9834.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)