From patchwork Fri Dec  9 01:30:08 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefano Stabellini <sstabellini@kernel.org>
X-Patchwork-Id: 9467343
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	4E530607D8 for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri,  9 Dec 2016 01:32:59 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4547C2840F
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri,  9 Dec 2016 01:32:59 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 39A9528534; Fri,  9 Dec 2016 01:32:59 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 86EFF2840F
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri,  9 Dec 2016 01:32:58 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1cFA0s-0004RH-P9; Fri, 09 Dec 2016 01:30:14 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <sstabellini@kernel.org>) id 1cFA0r-0004RB-HM
	for xen-devel@lists.xenproject.org; Fri, 09 Dec 2016 01:30:13 +0000
Received: from [193.109.254.147] by server-4.bemta-6.messagelabs.com id
	87/50-28568-4290A485; Fri, 09 Dec 2016 01:30:12 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrFIsWRWlGSWpSXmKPExsVybKJsh64Kp1e
	Ewd4Dwhbft0xmcmD0OPzhCksAYxRrZl5SfkUCa8aDl3eZCq6xVWzaP5u5gXEBaxcjF4eQwFRG
	iR/77jBCOLOZJBY3rmPqYuTkYBHQkri74A07iM0mYCjx98kmti5GDg4JIHvJZw6QsIiAksS9V
	ZPBypkFDCS2PPsBVi4sYC7R+2sNM4jNK+At0fXyF1iNqICuxKF/f9gg4oISJ2c+YYHo1ZJYPn
	0bmC0hkCExr2cOK4TtJbHoxiUoW03i6rlNzBMY+WchaZ+FpH0BI9MqRo3i1KKy1CJdQzO9pKL
	M9IyS3MTMHF1DAzO93NTi4sT01JzEpGK95PzcTYzAcGMAgh2M9zcGHGKU5GBSEuUtZvKKEOJL
	yk+pzEgszogvKs1JLT7EKMPBoSTBe4kNKCdYlJqeWpGWmQMMfJi0BAePkgjvOXagNG9xQWJuc
	WY6ROoUoy7HgfcrnjIJseTl56VKifNKcAAVCYAUZZTmwY2AReElRlkpYV5GoKOEeApSi3IzS1
	DlXzGKczAqCfP2glzCk5lXArfpFdARTEBHzLvhDnJESSJCSqqBMeXShiPBD1nundDvrXLatqN
	LfMFJmeUc8Wcvrf/+f9GZ7w2NU0u2rfKLPhc98/HJWzZLb3StqdhTdlov1/WdsjXX8pbnoSWs
	c5SyKviZ6sytOTRP8lg2tr9LeLZn9fqzj+55CuucPC2ftW7yxX0P8o9fsnGYY2aev+hveVaW0
	jc1fsUbZ/797lViKc5INNRiLipOBADO1uy2vQIAAA==
X-Env-Sender: sstabellini@kernel.org
X-Msg-Ref: server-9.tower-27.messagelabs.com!1481247011!76553899!1
X-Originating-IP: [198.145.29.136]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 9.0.16; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 32626 invoked from network); 9 Dec 2016 01:30:12 -0000
Received: from mail.kernel.org (HELO mail.kernel.org) (198.145.29.136)
	by server-9.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 9 Dec 2016 01:30:12 -0000
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id E9436203AB;
	Fri,  9 Dec 2016 01:30:09 +0000 (UTC)
Received: from [10.1.10.56] (96-82-76-110-static.hfc.comcastbusiness.net
	[96.82.76.110])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPSA id F29A0203A5;
	Fri,  9 Dec 2016 01:30:08 +0000 (UTC)
Date: Thu, 8 Dec 2016 17:30:08 -0800 (PST)
From: Stefano Stabellini <sstabellini@kernel.org>
X-X-Sender: sstabellini@sstabellini-ThinkPad-X260
To: xen-devel@lists.xenproject.org
Message-ID: <alpine.DEB.2.10.1612081726420.22778@sstabellini-ThinkPad-X260>
User-Agent: Alpine 2.10 (DEB 1266 2009-07-14)
MIME-Version: 1.0
X-Virus-Scanned: ClamAV using ClamSMTP
Cc: julien.grall@arm.com, sstabellini@kernel.org
Subject: [Xen-devel] [PATCH] fix potential int overflow in efi/boot
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

HorizontalResolution and VerticalResolution are 32bit, while size is
64bit. As it stands the multiplication is evaluated with 32bit
arithmetic, which could overflow. Cast HorizontalResolution to 64bit to
avoid that.

Coverity-ID: 1381858

Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index 56544dc..ff37bd9 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -687,7 +687,7 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop,
              mode_info->HorizontalResolution *
              mode_info->VerticalResolution > size )
         {
-            size = mode_info->HorizontalResolution *
+            size = (UINTN) mode_info->HorizontalResolution *
                    mode_info->VerticalResolution;
             gop_mode = i;
         }