From patchwork Tue May  9 08:07:52 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pavel Machek <pavel@ucw.cz>
X-Patchwork-Id: 9717193
Return-Path: <linux-media-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	B853760364 for <patchwork-linux-media@patchwork.kernel.org>;
	Tue,  9 May 2017 08:07:59 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A79BA20243
	for <patchwork-linux-media@patchwork.kernel.org>;
	Tue,  9 May 2017 08:07:59 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 9920C27F82; Tue,  9 May 2017 08:07:59 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D5C5120243
	for <patchwork-linux-media@patchwork.kernel.org>;
	Tue,  9 May 2017 08:07:58 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1750994AbdEIIH5 (ORCPT
	<rfc822;patchwork-linux-media@patchwork.kernel.org>);
	Tue, 9 May 2017 04:07:57 -0400
Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:60710 "EHLO
	atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750825AbdEIIHy (ORCPT
	<rfc822; linux-media@vger.kernel.org>); Tue, 9 May 2017 04:07:54 -0400
Received: by atrey.karlin.mff.cuni.cz (Postfix, from userid 512)
	id 9687681C2E; Tue,  9 May 2017 10:07:52 +0200 (CEST)
Date: Tue, 9 May 2017 10:07:52 +0200
From: Pavel Machek <pavel@ucw.cz>
To: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Cc: Mauro Carvalho Chehab <mchehab@s-opensource.com>,
	pali.rohar@gmail.com, sre@kernel.org, Sakari Ailus <sakari.ailus@iki.fi>,
	Sakari Ailus <sakari.ailus@linux.intel.com>,
	linux-media@vger.kernel.org, hans.verkuil@cisco.com
Subject: Re: [patch, libv4l]: fix integer overflow
Message-ID: <20170509080752.GA19912@amd>
References: <20170419105118.72b8e284@vento.lan> <20170424093059.GA20427@amd>
	<20170424103802.00d3b554@vento.lan> <20170424212914.GA20780@amd>
	<20170424224724.5bb52382@vento.lan> <20170426105300.GA857@amd>
	<20170426081330.6ca10e42@vento.lan> <20170426132337.GA6482@amd>
	<cedfd68d-d0fe-6fa8-2676-b61f3ddda652@gmail.com>
	<20170508222819.GA14833@amd>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20170508222819.GA14833@amd>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-media-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-media.vger.kernel.org>
X-Mailing-List: linux-media@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Fix integer overflow with EXPOSURE_ABSOLUTE. This is problem for
example with Nokia N900.

Signed-off-by: Pavel Machek <pavel@ucw.cz>

diff --git a/lib/libv4l2/libv4l2.c b/lib/libv4l2/libv4l2.c
index e795aee..189fc06 100644
--- a/lib/libv4l2/libv4l2.c
+++ b/lib/libv4l2/libv4l2.c
@@ -1776,7 +1776,7 @@ int v4l2_set_control(int fd, int cid, int value)
 		if (qctrl.type == V4L2_CTRL_TYPE_BOOLEAN)
 			ctrl.value = value ? 1 : 0;
 		else
-			ctrl.value = (value * (qctrl.maximum - qctrl.minimum) + 32767) / 65535 +
+			ctrl.value = ((long long) value * (qctrl.maximum - qctrl.minimum) + 32767) / 65535 +
 				qctrl.minimum;
 
 		result = v4lconvert_vidioc_s_ctrl(devices[index].convert, &ctrl);
@@ -1812,7 +1812,7 @@ int v4l2_get_control(int fd, int cid)
 		if (v4l2_propagate_ioctl(index, VIDIOC_G_CTRL, &ctrl))
 			return -1;
 
-	return ((ctrl.value - qctrl.minimum) * 65535 +
+	return (((long long) ctrl.value - qctrl.minimum) * 65535 +
 			(qctrl.maximum - qctrl.minimum) / 2) /
 		(qctrl.maximum - qctrl.minimum);
 }