Received: by 10.223.176.5 with SMTP id f5csp4171107wra; Tue, 30 Jan 2018 03:17:04 -0800 (PST) X-Google-Smtp-Source: AH8x225/rUXdIutyxycK7tr849mzssV86QdRzNu1mCrh21DgF3mhTSw55u89eIOjfOoKCC6+s25E X-Received: by 10.98.245.69 with SMTP id n66mr29849190pfh.137.1517311024458; Tue, 30 Jan 2018 03:17:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517311024; cv=none; d=google.com; s=arc-20160816; b=f1K8L0+CEDudBztuNkFehRFfkfPgiUeox6L7fs0NhjLTZJjfWoLeTmFjLNAUJq8akK HD0qIrsa59BHyAXSpbyiE0L23UA56ETAiA9lBRca9vP7Y5l6DcHhUTrAOshlB+8vWs2n EqvZr12FepxeW05kJhnrxkqOx2ad0XNHLeDofyP8r9MDkFnXCJOux4mn3b689qx6HaDz QRDdMa4skIHeYrpyoX9HnEZlJ+sm3RvNwpEQ1zt9Dxw04ATG15EHtQiVYxnlFUaG/IWL EDXFg1Jx2fZASd0xiUSPhiUIvS5nEm4mC2qy9S8SeovmtqQ2mTdJqOvhh+xs80AfhtDI nFwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=fPRiSxhYPlbej0ENgCZlRMwORrlaeoj9YwGohn28uYE=; b=veoaxe37oeSnRzl+BEk73XzyFpMEMc0uzQA5aC6BMGHABBHeCukYCnobJGCgEBKQDU 1T8oJ6ERQb0SL0z8chwK1jbHfsrQy9e/Ov/UN4GkP2OjXZsJoCioZACjSBChfXeW77H2 a1+p+GqZY4XO71nVB1c3Y0Mj1iYMNA6982ahm3KmZ4qiGQCIO0Y8+Stv3G1pigbTR1SY 5rxmwBeCGC9+Hga/Lx7ZYEfNMkYb48EP1mZXIBCJxcaDQrDFeFAxLLtj6WyuHRvHVvm2 F4Zbh91XJCTEZs7xVX32HrODJVqWn2yQDke8bRybhDas0b2Uay6RqaOuz4j1KAv7mBjb Tqng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b4si8993412pgq.646.2018.01.30.03.16.39; Tue, 30 Jan 2018 03:17:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751509AbeA3LQC (ORCPT + 99 others); Tue, 30 Jan 2018 06:16:02 -0500 Received: from lb1-smtp-cloud8.xs4all.net ([194.109.24.21]:40621 "EHLO lb1-smtp-cloud8.xs4all.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751219AbeA3LQB (ORCPT ); Tue, 30 Jan 2018 06:16:01 -0500 Received: from [IPv6:2001:420:44c1:2579:55da:778d:826a:c994] ([IPv6:2001:420:44c1:2579:55da:778d:826a:c994]) by smtp-cloud8.xs4all.net with ESMTPA id gTtLe7Rxbar0wgTtPeDgr8; Tue, 30 Jan 2018 12:15:59 +0100 Subject: Re: [PATCH 8/8] platform: vivid-cec: fix potential integer overflow in vivid_cec_pin_adap_events To: "Gustavo A. R. Silva" Cc: "Gustavo A. R. Silva" , Mauro Carvalho Chehab , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org References: <00eea53890802b679c138fc7f68a0f162261d95c.1517268668.git.gustavo@embeddedor.com> <2e1afa55-d214-f932-4ba7-2e21f6a2cd3d@xs4all.nl> <20180130025141.Horde.h4aoQSwrqdPlpFtSKtB9DuS@gator4166.hostgator.com> <43652014-30af-1e4b-c0a9-c23f9633fb2f@xs4all.nl> <20180130045545.Horde.1SSKgcFKaDeoUtmczJ8SRH1@gator4166.hostgator.com> From: Hans Verkuil Message-ID: <3efaaf36-8edb-d899-b89d-902ba1bc63a6@xs4all.nl> Date: Tue, 30 Jan 2018 12:15:55 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <20180130045545.Horde.1SSKgcFKaDeoUtmczJ8SRH1@gator4166.hostgator.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4wfB05/CVbpujCYMsrCkdV0rAUrLGY5X/amHkJANBjskNKQor8baENMJYK5jy7lT1OLLgLTHAKWgQY8HhVr1ec6g9qhMXYdlvafes/oH2pFBUjRxaZ61JA +hWvG99h/jxdbZLLrE8RSzD23UMid1sRkknFPbxw5eb4e9IerNHcgsm56qv6Yauar37JzGeCZIMDqhly+mApaC8jEnSyGyp2JnpthhYMr6JGWBe38uOf1LWS 4BCm66YE0eP+oYfyzDCNWsJ20krAwRfkm6D7IaO+3E6xvXMYtLDh+pG3T6jTRbzgABkTG6a7SiLAKCHd62e6RPinxreFBvHCvK8F7YX+vav+Sb5xhTq6WTM1 FQVLm99m/T+neeaUTZG0t7HC5Vb825vOeFt7O7+b4Bc08Gzx0VoAmK3G2v1Zx72LmeUV0pbw Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/30/18 11:55, Gustavo A. R. Silva wrote: > > Quoting Hans Verkuil : > >> On 01/30/2018 09:51 AM, Gustavo A. R. Silva wrote: >>> Hi Hans, >>> >>> Quoting Hans Verkuil : >>> >>>> Hi Gustavo, >>>> >>>> On 01/30/2018 01:33 AM, Gustavo A. R. Silva wrote: >>>>> Cast len to const u64 in order to avoid a potential integer >>>>> overflow. This variable is being used in a context that expects >>>>> an expression of type const u64. >>>>> >>>>> Addresses-Coverity-ID: 1454996 ("Unintentional integer overflow") >>>>> Signed-off-by: Gustavo A. R. Silva >>>>> --- >>>>> drivers/media/platform/vivid/vivid-cec.c | 2 +- >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>> >>>>> diff --git a/drivers/media/platform/vivid/vivid-cec.c >>>>> b/drivers/media/platform/vivid/vivid-cec.c >>>>> index b55d278..30240ab 100644 >>>>> --- a/drivers/media/platform/vivid/vivid-cec.c >>>>> +++ b/drivers/media/platform/vivid/vivid-cec.c >>>>> @@ -83,7 +83,7 @@ static void vivid_cec_pin_adap_events(struct >>>>> cec_adapter *adap, ktime_t ts, >>>>> if (adap == NULL) >>>>> return; >>>>> ts = ktime_sub_us(ts, (CEC_TIM_START_BIT_TOTAL + >>>>> - len * 10 * CEC_TIM_DATA_BIT_TOTAL)); >>>>> + (const u64)len * 10 * CEC_TIM_DATA_BIT_TOTAL)); >>>> >>>> This makes no sense. Certainly the const part is pointless. And given that >>>> len is always <= 16 there definitely is no overflow. >>>> >>> >>> Yeah, I understand your point and I know there is no chance of an >>> overflow in this particular case. >>> >>>> I don't really want this cast in the code. >>>> >>>> Sorry, >>>> >>> >>> I'm working through all the Linux kernel Coverity reports, and I >>> thought of sending a patch for this because IMHO it doesn't hurt to >>> give the compiler complete information about the arithmetic in which >>> an expression is intended to be evaluated. >>> >>> I agree that the _const_ part is a bit odd. What do you think about >>> the cast to u64 alone? >> >> What happens if you do: ((u64)CEC_TIM_START_BIT_TOTAL + >> >> I think that forces everything else in the expression to be evaluated >> as u64. >> > > Well, in this case the operator precedence takes place and the > expression len * 10 * CEC_TIM_DATA_BIT_TOTAL is computed first. So the > issue remains the same. > > I can switch the expressions as follows: > > (u64)len * 10 * CEC_TIM_DATA_BIT_TOTAL + CEC_TIM_START_BIT_TOTAL What about: 10ULL * len * ... > > and avoid the cast in the middle. > > What do you think? My problem is that (u64)len suggests that there is some problem with len specifically, which isn't true. > >> It definitely needs a comment that this fixes a bogus Coverity report. >> > > I actually added the following line to the message changelog: > Addresses-Coverity-ID: 1454996 ("Unintentional integer overflow") That needs to be in the source, otherwise someone will remove the cast (or ULL) at some time in the future since it isn't clear why it is done. And nobody reads commit logs from X years back :-) > > Certainly, I've run across multiple false positives as in this case, > but I have also fixed many actual bugs thanks to the Coverity reports. > So I think in general it is valuable to take a look into these > reports, either if they spot actual bugs or promote code correctness. Regards, Hans