Received: by 10.223.176.5 with SMTP id f5csp4149717wra; Tue, 30 Jan 2018 02:56:27 -0800 (PST) X-Google-Smtp-Source: AH8x226X2WluFnHsT0Amhs0B+KQjMl52puBz4v4+gafzqy3iTOf/jQH5CfNK+skmcDnSpRpJJBjD X-Received: by 10.101.88.130 with SMTP id d2mr23409922pgu.278.1517309787263; Tue, 30 Jan 2018 02:56:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517309787; cv=none; d=google.com; s=arc-20160816; b=J1iG8ObdMDnjdvTiepjc1TCIxLG7cwkVF69G75Y6xEkiyNMbaNLvwlLF649j0tq2gX kxWCvxaB5shtfyKkxqe4xOhuPzGdE+XuZ7wh+TrfU/kc6JVKf1ykl50tkZiiddxRXjZr 0UtCg9LDwNzmHIcoJzAvYGuCzcD5co7a3POFWlT4wx/ey0VVImJfQz0vY2ff6B8qU0n8 qA6Hyd5mFeTJk0YgCF1oZE59eSwNALlH5Gb28LW/X8GzG5BFjmUDOtdTa+BvUYOTLTQT M7s6799qro+xNeq4uUk7HXfmMsVO8fvOisBonVVXe/YHgpr379PLc3POT3A+YvLSSTzm King== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-disposition:mime-version :user-agent:in-reply-to:references:subject:cc:to:from:message-id :date:arc-authentication-results; bh=snBOAnABdLMLu5CaSwFmYH31BdW9OuPLaCDXoEBRs8E=; b=RM9HmOPhgqWv4mVozxYUcQcuECFIGYfuPibvg7/BMJGdAWO+dSPu25MGj5YMiWFxlg kKujMb6amuKaFxN538+aA3yMTGRNt5hVHgKPsiK4d+uzwf+ipzJCoU9RLldz9BXQAP7V rJP7R2EGXYhDHV6US9/kV2qnPpUpIJ6qBmy+iaO5P7EL0+GRbDrztgpLInxBfj3gt4zw oQj6EddbU8HjgDFSlrLA7Ks+RMpXOPOVpvbQBs5w1kVJfUr+6XaTtxnJDIQmKsjH8Zxv R0Iu0awlr78+LFbN00NVfmrCAimRBJbcaaGV12TC69IR4uRcvKF48JSV91ENrFD2CS4u lNZg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h3si1409924pgc.179.2018.01.30.02.56.12; Tue, 30 Jan 2018 02:56:27 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751642AbeA3Kzs (ORCPT + 99 others); Tue, 30 Jan 2018 05:55:48 -0500 Received: from gateway34.websitewelcome.com ([192.185.150.114]:31061 "EHLO gateway34.websitewelcome.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751464AbeA3Kzq (ORCPT ); Tue, 30 Jan 2018 05:55:46 -0500 Received: from cm13.websitewelcome.com (cm13.websitewelcome.com [100.42.49.6]) by gateway34.websitewelcome.com (Postfix) with ESMTP id 14A035E17B for ; Tue, 30 Jan 2018 04:55:46 -0600 (CST) Received: from gator4166.hostgator.com ([108.167.133.22]) by cmsmtp with SMTP id gTZqeGY4oBUMKgTZqeL7mr; Tue, 30 Jan 2018 04:55:46 -0600 Received: from gator4166.hostgator.com ([108.167.133.22]:52088) by gator4166.hostgator.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89_1) (envelope-from ) id 1egTZp-002MKz-AY; Tue, 30 Jan 2018 04:55:45 -0600 Received: from 189.152.201.65 ([189.152.201.65]) by gator4166.hostgator.com (Horde Framework) with HTTPS; Tue, 30 Jan 2018 04:55:45 -0600 Date: Tue, 30 Jan 2018 04:55:45 -0600 Message-ID: <20180130045545.Horde.1SSKgcFKaDeoUtmczJ8SRH1@gator4166.hostgator.com> From: "Gustavo A. R. Silva" To: Hans Verkuil Cc: "Gustavo A. R. Silva" , Mauro Carvalho Chehab , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 8/8] platform: vivid-cec: fix potential integer overflow in vivid_cec_pin_adap_events References: <00eea53890802b679c138fc7f68a0f162261d95c.1517268668.git.gustavo@embeddedor.com> <2e1afa55-d214-f932-4ba7-2e21f6a2cd3d@xs4all.nl> <20180130025141.Horde.h4aoQSwrqdPlpFtSKtB9DuS@gator4166.hostgator.com> <43652014-30af-1e4b-c0a9-c23f9633fb2f@xs4all.nl> In-Reply-To: <43652014-30af-1e4b-c0a9-c23f9633fb2f@xs4all.nl> User-Agent: Horde Application Framework 5 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes MIME-Version: 1.0 Content-Disposition: inline X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator4166.hostgator.com X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - embeddedor.com X-BWhitelist: no X-Source-IP: 108.167.133.22 X-Source-L: Yes X-Exim-ID: 1egTZp-002MKz-AY X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: gator4166.hostgator.com [108.167.133.22]:52088 X-Source-Auth: garsilva@embeddedor.com X-Email-Count: 14 X-Source-Cap: Z3V6aWRpbmU7Z3V6aWRpbmU7Z2F0b3I0MTY2Lmhvc3RnYXRvci5jb20= X-Local-Domain: yes Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Quoting Hans Verkuil : > On 01/30/2018 09:51 AM, Gustavo A. R. Silva wrote: >> Hi Hans, >> >> Quoting Hans Verkuil : >> >>> Hi Gustavo, >>> >>> On 01/30/2018 01:33 AM, Gustavo A. R. Silva wrote: >>>> Cast len to const u64 in order to avoid a potential integer >>>> overflow. This variable is being used in a context that expects >>>> an expression of type const u64. >>>> >>>> Addresses-Coverity-ID: 1454996 ("Unintentional integer overflow") >>>> Signed-off-by: Gustavo A. R. Silva >>>> --- >>>> drivers/media/platform/vivid/vivid-cec.c | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/drivers/media/platform/vivid/vivid-cec.c >>>> b/drivers/media/platform/vivid/vivid-cec.c >>>> index b55d278..30240ab 100644 >>>> --- a/drivers/media/platform/vivid/vivid-cec.c >>>> +++ b/drivers/media/platform/vivid/vivid-cec.c >>>> @@ -83,7 +83,7 @@ static void vivid_cec_pin_adap_events(struct >>>> cec_adapter *adap, ktime_t ts, >>>> if (adap == NULL) >>>> return; >>>> ts = ktime_sub_us(ts, (CEC_TIM_START_BIT_TOTAL + >>>> - len * 10 * CEC_TIM_DATA_BIT_TOTAL)); >>>> + (const u64)len * 10 * CEC_TIM_DATA_BIT_TOTAL)); >>> >>> This makes no sense. Certainly the const part is pointless. And given that >>> len is always <= 16 there definitely is no overflow. >>> >> >> Yeah, I understand your point and I know there is no chance of an >> overflow in this particular case. >> >>> I don't really want this cast in the code. >>> >>> Sorry, >>> >> >> I'm working through all the Linux kernel Coverity reports, and I >> thought of sending a patch for this because IMHO it doesn't hurt to >> give the compiler complete information about the arithmetic in which >> an expression is intended to be evaluated. >> >> I agree that the _const_ part is a bit odd. What do you think about >> the cast to u64 alone? > > What happens if you do: ((u64)CEC_TIM_START_BIT_TOTAL + > > I think that forces everything else in the expression to be evaluated > as u64. > Well, in this case the operator precedence takes place and the expression len * 10 * CEC_TIM_DATA_BIT_TOTAL is computed first. So the issue remains the same. I can switch the expressions as follows: (u64)len * 10 * CEC_TIM_DATA_BIT_TOTAL + CEC_TIM_START_BIT_TOTAL and avoid the cast in the middle. What do you think? > It definitely needs a comment that this fixes a bogus Coverity report. > I actually added the following line to the message changelog: Addresses-Coverity-ID: 1454996 ("Unintentional integer overflow") Certainly, I've run across multiple false positives as in this case, but I have also fixed many actual bugs thanks to the Coverity reports. So I think in general it is valuable to take a look into these reports, either if they spot actual bugs or promote code correctness. Thanks -- Gustavo