From patchwork Fri Dec 9 01:30:08 2016
X-Patchwork-Submitter: Stefano Stabellini
X-Patchwork-Id: 9467343
Date: Thu, 8 Dec 2016 17:30:08 -0800 (PST)
From: Stefano Stabellini
To: xen-devel@lists.xenproject.org
Cc: julien.grall@arm.com, sstabellini@kernel.org
Subject: [Xen-devel] [PATCH] fix potential int overflow in efi/boot

HorizontalResolution and VerticalResolution are 32bit, while size is 64bit. As it stands the multiplication is evaluated with 32bit arithmetic, which could overflow. Cast HorizontalResolution to 64bit to avoid that.

Coverity-ID: 1381858
Signed-off-by: Stefano Stabellini

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index 56544dc..ff37bd9 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -687,7 +687,7 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, mode_info->HorizontalResolution * mode_info->VerticalResolution > size ) { - size = mode_info->HorizontalResolution * + size = (UINTN) mode_info->HorizontalResolution * mode_info->VerticalResolution; gop_mode = i; }
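
Review bot: The comparison in the unchanged context just above the assignment, `mode_info->HorizontalResolution * mode_info->VerticalResolution > size`, still multiplies the two 32-bit fields in 32-bit arithmetic, so a product that wraps is compared against size before the widened assignment is ever reached. Apply the same `(UINTN)` cast to that expression, or compute the product once into a UINTN local and use it for both the comparison and the assignment, so the test and the stored value cannot disagree.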