| Message ID | 20181118201147.11257-2-miquel.raynal@bootlin.com |
|---|---|
| State | Accepted |
| Commit | 3f3aef4b9dc88278f31567fe6f26095fd9477b1a |
| Delegated to: | Jagannadha Sutradharudu Teki |
| Headers | show |
| Series | [U-Boot,1/2] mtd: fix mtd_oobavail() incoherent returned value | expand |
Hello, Miquel Raynal <miquel.raynal@bootlin.com> wrote on Sun, 18 Nov 2018 21:11:47 +0100: > A Coverity robot reported an integer handling issue > (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression: > > (mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * > mtd_oobavail(mtd, ops) > > While such overflow will certainly never happen due to the numbers > handled, it is cleaner to fix this operation anyway. > > The problem is that all the maths include 32-bit quantities, while the > result is stored in an explicit 64-bit value. > > As maxooblen will just be compared with a size_t, let's change the > type of the variable to a size_t. This will not fix anything but will > clarify a bit the situation. Then, do an explicit cast to fix Coverity > warning. > > Addresses-Coverity-ID: 184180 ("Integer handling issues") > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> > --- I forgot to add the link to the corresponding Travis-CI job: https://travis-ci.org/miquelraynal/u-boot/builds/456679982 Thanks, Miquèl
Hello, Miquel Raynal <miquel.raynal@bootlin.com> wrote on Sun, 18 Nov 2018 21:13:47 +0100: > Hello, > > Miquel Raynal <miquel.raynal@bootlin.com> wrote on Sun, 18 Nov 2018 > 21:11:47 +0100: > > > A Coverity robot reported an integer handling issue > > (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression: > > > > (mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * > > mtd_oobavail(mtd, ops) > > > > While such overflow will certainly never happen due to the numbers > > handled, it is cleaner to fix this operation anyway. > > > > The problem is that all the maths include 32-bit quantities, while the > > result is stored in an explicit 64-bit value. > > > > As maxooblen will just be compared with a size_t, let's change the > > type of the variable to a size_t. This will not fix anything but will > > clarify a bit the situation. Then, do an explicit cast to fix Coverity > > warning. > > > > Addresses-Coverity-ID: 184180 ("Integer handling issues") > > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> > > --- > > I forgot to add the link to the corresponding Travis-CI job: > https://travis-ci.org/miquelraynal/u-boot/builds/456679982 Gentle ping on this series (patch 1 & 2). They do apply cleanly on current master. Tom, shall I expect you to take it or is it Jagan's mission? Thanks, Miquèl
On Mon, Apr 08, 2019 at 11:43:59AM +0200, Miquel Raynal wrote: > Hello, > > Miquel Raynal <miquel.raynal@bootlin.com> wrote on Sun, 18 Nov 2018 > 21:13:47 +0100: > > > Hello, > > > > Miquel Raynal <miquel.raynal@bootlin.com> wrote on Sun, 18 Nov 2018 > > 21:11:47 +0100: > > > > > A Coverity robot reported an integer handling issue > > > (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression: > > > > > > (mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * > > > mtd_oobavail(mtd, ops) > > > > > > While such overflow will certainly never happen due to the numbers > > > handled, it is cleaner to fix this operation anyway. > > > > > > The problem is that all the maths include 32-bit quantities, while the > > > result is stored in an explicit 64-bit value. > > > > > > As maxooblen will just be compared with a size_t, let's change the > > > type of the variable to a size_t. This will not fix anything but will > > > clarify a bit the situation. Then, do an explicit cast to fix Coverity > > > warning. > > > > > > Addresses-Coverity-ID: 184180 ("Integer handling issues") > > > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> > > > --- > > > > I forgot to add the link to the corresponding Travis-CI job: > > https://travis-ci.org/miquelraynal/u-boot/builds/456679982 > > Gentle ping on this series (patch 1 & 2). They do apply cleanly on > current master. > > Tom, shall I expect you to take it or is it Jagan's mission? My current feeling is this goes via Jagan's tree and I wasn't expecting them in for this release. Thanks!
Hi Tom, Tom Rini <trini@konsulko.com> wrote on Mon, 8 Apr 2019 07:52:16 -0400: > On Mon, Apr 08, 2019 at 11:43:59AM +0200, Miquel Raynal wrote: > > Hello, > > > > Miquel Raynal <miquel.raynal@bootlin.com> wrote on Sun, 18 Nov 2018 > > 21:13:47 +0100: > > > > > Hello, > > > > > > Miquel Raynal <miquel.raynal@bootlin.com> wrote on Sun, 18 Nov 2018 > > > 21:11:47 +0100: > > > > > > > A Coverity robot reported an integer handling issue > > > > (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression: > > > > > > > > (mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * > > > > mtd_oobavail(mtd, ops) > > > > > > > > While such overflow will certainly never happen due to the numbers > > > > handled, it is cleaner to fix this operation anyway. > > > > > > > > The problem is that all the maths include 32-bit quantities, while the > > > > result is stored in an explicit 64-bit value. > > > > > > > > As maxooblen will just be compared with a size_t, let's change the > > > > type of the variable to a size_t. This will not fix anything but will > > > > clarify a bit the situation. Then, do an explicit cast to fix Coverity > > > > warning. > > > > > > > > Addresses-Coverity-ID: 184180 ("Integer handling issues") > > > > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> > > > > --- > > > > > > I forgot to add the link to the corresponding Travis-CI job: > > > https://travis-ci.org/miquelraynal/u-boot/builds/456679982 > > > > Gentle ping on this series (patch 1 & 2). They do apply cleanly on > > current master. > > > > Tom, shall I expect you to take it or is it Jagan's mission? > > My current feeling is this goes via Jagan's tree and I wasn't expecting > them in for this release. Thanks! > No problem, I know we are late in the merge process, these are just Coverity fixes, they are not urgent, I just am cleaning my branches and I discover many patches which I thought were merged but actually only exist in my local tree, which is sad :) Thanks, Miquèl
On Mon, Nov 19, 2018 at 1:42 AM Miquel Raynal <miquel.raynal@bootlin.com> wrote: > > A Coverity robot reported an integer handling issue > (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression: > > (mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * > mtd_oobavail(mtd, ops) > > While such overflow will certainly never happen due to the numbers > handled, it is cleaner to fix this operation anyway. > > The problem is that all the maths include 32-bit quantities, while the > result is stored in an explicit 64-bit value. > > As maxooblen will just be compared with a size_t, let's change the > type of the variable to a size_t. This will not fix anything but will > clarify a bit the situation. Then, do an explicit cast to fix Coverity > warning. > > Addresses-Coverity-ID: 184180 ("Integer handling issues") > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> > --- Applied to u-boot-spi/master
diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index fb6c779abb..df12535d32 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -1030,13 +1030,13 @@ static int mtd_check_oob_ops(struct mtd_info *mtd, loff_t offs, return -EINVAL; if (ops->ooblen) { - u64 maxooblen; + size_t maxooblen; if (ops->ooboffs >= mtd_oobavail(mtd, ops)) return -EINVAL; - maxooblen = ((mtd_div_by_ws(mtd->size, mtd) - - mtd_div_by_ws(offs, mtd)) * + maxooblen = ((size_t)(mtd_div_by_ws(mtd->size, mtd) - + mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops)) - ops->ooboffs; if (ops->ooblen > maxooblen) return -EINVAL;
A Coverity robot reported an integer handling issue (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression: (mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops) While such overflow will certainly never happen due to the numbers handled, it is cleaner to fix this operation anyway. The problem is that all the maths include 32-bit quantities, while the result is stored in an explicit 64-bit value. As maxooblen will just be compared with a size_t, let's change the type of the variable to a size_t. This will not fix anything but will clarify a bit the situation. Then, do an explicit cast to fix Coverity warning. Addresses-Coverity-ID: 184180 ("Integer handling issues") Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> --- drivers/mtd/mtdcore.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)