[PATCH] iio: imu: adis16460: fix variable signedness

[PATCH] iio: imu: adis16460: fix variable signedness

[Alexandru Ardelean]

Caught via static-analysis checker:
```
drivers/iio/imu/adis16460.c
   152  static int adis16460_set_freq(struct iio_dev *indio_dev, int val, int val2)
   153  {
   154          struct adis16460 *st = iio_priv(indio_dev);
   155          unsigned int t;
                ^^^^^^^^^^^^^^

   156
   157          t =  val * 1000 + val2 / 1000;
   158          if (t <= 0)
                    ^^^^^^
Unsigned is not less than zero.
```

The types of `val` && `val2` are obtained from the IIO `write_raw` hook, so
userspace can provide negative values, which can cause weird behavior after
conversion to unsigned.

This patch changes the sign of variable `t` so that -EINVAL will be
returned for negative values as well.

Fixes: db6ed4d23dd1 ("iio: imu: Add support for the ADIS16460 IMU")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
---
 drivers/iio/imu/adis16460.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iio/imu/adis16460.c b/drivers/iio/imu/adis16460.c
index 1ef11640ee20..6aed9e84abbf 100644
--- a/drivers/iio/imu/adis16460.c
+++ b/drivers/iio/imu/adis16460.c
@@ -152,7 +152,7 @@ static int adis16460_debugfs_init(struct iio_dev *indio_dev)
 static int adis16460_set_freq(struct iio_dev *indio_dev, int val, int val2)
 {
 	struct adis16460 *st = iio_priv(indio_dev);
-	unsigned int t;
+	int t;
 
 	t =  val * 1000 + val2 / 1000;
 	if (t <= 0)
-- 
2.20.1

Re: [PATCH] iio: imu: adis16460: fix variable signedness

[Jonathan Cameron]

On Fri, 16 Aug 2019 09:28:35 +0300
Alexandru Ardelean <alexandru.ardelean@analog.com> wrote:

> Caught via static-analysis checker:
> ```
> drivers/iio/imu/adis16460.c
>    152  static int adis16460_set_freq(struct iio_dev *indio_dev, int val, int val2)
>    153  {
>    154          struct adis16460 *st = iio_priv(indio_dev);
>    155          unsigned int t;
>                 ^^^^^^^^^^^^^^
> 
>    156
>    157          t =  val * 1000 + val2 / 1000;
>    158          if (t <= 0)
>                     ^^^^^^
> Unsigned is not less than zero.
> ```
> 
> The types of `val` && `val2` are obtained from the IIO `write_raw` hook, so
> userspace can provide negative values, which can cause weird behavior after
> conversion to unsigned.
> 
> This patch changes the sign of variable `t` so that -EINVAL will be
> returned for negative values as well.
> 
> Fixes: db6ed4d23dd1 ("iio: imu: Add support for the ADIS16460 IMU")
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com>

Applied to the togreg branch of iio.git and pushed out as testing for
the autobuilders to play with it.

Thanks,

Jonathan

> ---
>  drivers/iio/imu/adis16460.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/iio/imu/adis16460.c b/drivers/iio/imu/adis16460.c
> index 1ef11640ee20..6aed9e84abbf 100644
> --- a/drivers/iio/imu/adis16460.c
> +++ b/drivers/iio/imu/adis16460.c
> @@ -152,7 +152,7 @@ static int adis16460_debugfs_init(struct iio_dev *indio_dev)
>  static int adis16460_set_freq(struct iio_dev *indio_dev, int val, int val2)
>  {
>  	struct adis16460 *st = iio_priv(indio_dev);
> -	unsigned int t;
> +	int t;
>  
>  	t =  val * 1000 + val2 / 1000;
>  	if (t <= 0)