[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <81bc1c8fa08d1643fa9b7b6630fdd42baed7d225.1517268668.git.gustavo@embeddedor.com>
Date: Mon, 29 Jan 2018 18:33:01 -0600
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: Mauro Carvalho Chehab <mchehab@...nel.org>
Cc: linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
"Gustavo A. R. Silva" <garsilva@...eddedor.com>
Subject: [PATCH 7/8] platform: sh_veu: fix potential integer overflow in
sh_veu_colour_offset
Cast left and top to dma_addr_t in order to avoid a potential integer
overflow. This variable is being used in a context that expects an
expression of type dma_addr_t (u64).
Addresses-Coverity-ID: 1056807 ("Unintentional integer overflow")
Addresses-Coverity-ID: 1056808 ("Unintentional integer overflow")
Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
---
drivers/media/platform/sh_veu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/sh_veu.c b/drivers/media/platform/sh_veu.c
index 976ea0b..e2795d0 100644
--- a/drivers/media/platform/sh_veu.c
+++ b/drivers/media/platform/sh_veu.c
@@ -520,8 +520,8 @@ static void sh_veu_colour_offset(struct sh_veu_dev *veu, struct sh_veu_vfmt *vfm
/* dst_left and dst_top validity will be verified in CROP / COMPOSE */
unsigned int left = vfmt->frame.left & ~0x03;
unsigned int top = vfmt->frame.top;
- dma_addr_t offset = ((left * veu->vfmt_out.fmt->depth) >> 3) +
- top * veu->vfmt_out.bytesperline;
+ dma_addr_t offset = (((dma_addr_t)left * veu->vfmt_out.fmt->depth) >> 3) +
+ (dma_addr_t)top * veu->vfmt_out.bytesperline;
unsigned int y_line;
vfmt->offset_y = offset;
--
2.7.4
Powered by blists - more mailing lists