| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Dec 2017 23:51:13 +0000
From: Colin King <colin.king@...onical.com>
To: Vinod Koul <vinod.koul@...el.com>,
Sanyog Kale <sanyog.r.kale@...el.com>,
alsa-devel@...a-project.org
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH][next] soundwire: fix sign extension when shifting buf[2] 24 places
From: Colin Ian King <colin.king@...onical.com>
The buf[2] left shift by 24 bits is promoted to int (32 bit signed)
and then signed-extended to unsigned long long. Hence if the upper
bit to buf[2] is set then all the upper bits of addr end up as 1.
Fix this by casting it to u64 before shifting it. Also replace the
unsigned long long casts to u64 casts to match the same type of
addr.
Detected by CoverityScan, CID#1463147 ("Unintended sign extension")
Fixes: d52d7a1be02c ("soundwire: Add Slave status handling helpers")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
drivers/soundwire/bus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/soundwire/bus.c b/drivers/soundwire/bus.c
index 4c345197eb55..7211ecc62015 100644
--- a/drivers/soundwire/bus.c
+++ b/drivers/soundwire/bus.c
@@ -522,8 +522,8 @@ static int sdw_program_device_num(struct sdw_bus *bus)
* bits to avoid truncation due to size limit.
*/
addr = buf[5] | (buf[4] << 8) | (buf[3] << 16) |
- (buf[2] << 24) | ((unsigned long long)buf[1] << 32) |
- ((unsigned long long)buf[0] << 40);
+ ((u64)buf[2] << 24) | ((u64)buf[1] << 32) |
+ ((u64)buf[0] << 40);
sdw_extract_slave_id(bus, addr, &id);
--
2.14.1
Powered by blists - more mailing lists