* [PATCH] usb: host: add cast to avoid potential integer overflow
@ 2017-02-17 0:16 Gustavo A. R. Silva
2017-02-20 12:40 ` David Laight
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo A. R. Silva @ 2017-02-17 0:16 UTC (permalink / raw)
To: mathias.nyman, gregkh
Cc: linux-usb, linux-kernel, Peter Senna Tschudin, Gustavo A. R. Silva
The type of variable 'sel' is unsigned int. Such variable is being used
multiple times in a context that expects an expression of type unsigned
long long. So, to avoid any potential integer overflow, a cast to type
unsigned long long is added.
Addresses-Coverity-ID: 703408
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
---
drivers/usb/host/xhci.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 50aee8b..8094d9a 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -4298,23 +4298,23 @@ static unsigned long long xhci_calculate_intel_u1_timeout(
ep_type = usb_endpoint_type(desc);
switch (ep_type) {
case USB_ENDPOINT_XFER_CONTROL:
- timeout_ns = udev->u1_params.sel * 3;
+ timeout_ns = (unsigned long long)udev->u1_params.sel * 3;
break;
case USB_ENDPOINT_XFER_BULK:
- timeout_ns = udev->u1_params.sel * 5;
+ timeout_ns = (unsigned long long)udev->u1_params.sel * 5;
break;
case USB_ENDPOINT_XFER_INT:
intr_type = usb_endpoint_interrupt_type(desc);
if (intr_type == USB_ENDPOINT_INTR_NOTIFICATION) {
- timeout_ns = udev->u1_params.sel * 3;
+ timeout_ns = (unsigned long long)udev->u1_params.sel * 3;
break;
}
/* Otherwise the calculation is the same as isoc eps */
case USB_ENDPOINT_XFER_ISOC:
timeout_ns = xhci_service_interval_to_ns(desc);
timeout_ns = DIV_ROUND_UP_ULL(timeout_ns * 105, 100);
- if (timeout_ns < udev->u1_params.sel * 2)
- timeout_ns = udev->u1_params.sel * 2;
+ if (timeout_ns < (unsigned long long)udev->u1_params.sel * 2)
+ timeout_ns = (unsigned long long)udev->u1_params.sel * 2;
break;
default:
return 0;
--
2.5.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* RE: [PATCH] usb: host: add cast to avoid potential integer overflow
2017-02-17 0:16 [PATCH] usb: host: add cast to avoid potential integer overflow Gustavo A. R. Silva
@ 2017-02-20 12:40 ` David Laight
0 siblings, 0 replies; 2+ messages in thread
From: David Laight @ 2017-02-20 12:40 UTC (permalink / raw)
To: 'Gustavo A. R. Silva', mathias.nyman, gregkh
Cc: linux-usb, linux-kernel, Peter Senna Tschudin
From: Gustavo A. R. Silva
> Sent: 17 February 2017 00:17
> The type of variable 'sel' is unsigned int. Such variable is being used
> multiple times in a context that expects an expression of type unsigned
> long long. So, to avoid any potential integer overflow, a cast to type
> unsigned long long is added.
...
> - timeout_ns = udev->u1_params.sel * 3;
> + timeout_ns = (unsigned long long)udev->u1_params.sel * 3;
...
It is probably better to just change the constant to 3ull.
However I'd be tempted to look more closely at the valid values
for 'timeout_ns'.
It seems unlikely that that the timeout (in sel) will be near
enough to 4 seconds that multiplying by a small integer will
take the value over 4 seconds without requiring larger input
values be supported.
timeout_ns might even be being used in places where the value
has to be smaller than 1 second!
David
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-02-20 12:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-17 0:16 [PATCH] usb: host: add cast to avoid potential integer overflow Gustavo A. R. Silva
2017-02-20 12:40 ` David Laight
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.