lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180130045545.Horde.1SSKgcFKaDeoUtmczJ8SRH1@gator4166.hostgator.com>
Date:   Tue, 30 Jan 2018 04:55:45 -0600
From:   "Gustavo A. R. Silva" <garsilva@...eddedor.com>
To:     Hans Verkuil <hverkuil@...all.nl>
Cc:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 8/8] platform: vivid-cec: fix potential integer overflow
 in vivid_cec_pin_adap_events


Quoting Hans Verkuil <hverkuil@...all.nl>:

> On 01/30/2018 09:51 AM, Gustavo A. R. Silva wrote:
>> Hi Hans,
>>
>> Quoting Hans Verkuil <hverkuil@...all.nl>:
>>
>>> Hi Gustavo,
>>>
>>> On 01/30/2018 01:33 AM, Gustavo A. R. Silva wrote:
>>>> Cast len to const u64 in order to avoid a potential integer
>>>> overflow. This variable is being used in a context that expects
>>>> an expression of type const u64.
>>>>
>>>> Addresses-Coverity-ID: 1454996 ("Unintentional integer overflow")
>>>> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
>>>> ---
>>>>  drivers/media/platform/vivid/vivid-cec.c | 2 +-
>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/drivers/media/platform/vivid/vivid-cec.c
>>>> b/drivers/media/platform/vivid/vivid-cec.c
>>>> index b55d278..30240ab 100644
>>>> --- a/drivers/media/platform/vivid/vivid-cec.c
>>>> +++ b/drivers/media/platform/vivid/vivid-cec.c
>>>> @@ -83,7 +83,7 @@ static void vivid_cec_pin_adap_events(struct
>>>> cec_adapter *adap, ktime_t ts,
>>>>  	if (adap == NULL)
>>>>  		return;
>>>>  	ts = ktime_sub_us(ts, (CEC_TIM_START_BIT_TOTAL +
>>>> -			       len * 10 * CEC_TIM_DATA_BIT_TOTAL));
>>>> +			       (const u64)len * 10 * CEC_TIM_DATA_BIT_TOTAL));
>>>
>>> This makes no sense. Certainly the const part is pointless. And given that
>>> len is always <= 16 there definitely is no overflow.
>>>
>>
>> Yeah, I understand your point and I know there is no chance of an
>> overflow in this particular case.
>>
>>> I don't really want this cast in the code.
>>>
>>> Sorry,
>>>
>>
>> I'm working through all the Linux kernel Coverity reports, and I
>> thought of sending a patch for this because IMHO it doesn't hurt to
>> give the compiler complete information about the arithmetic in which
>> an expression is intended to be evaluated.
>>
>> I agree that the _const_ part is a bit odd. What do you think about
>> the cast to u64 alone?
>
> What happens if you do: ((u64)CEC_TIM_START_BIT_TOTAL +
>
> I think that forces everything else in the expression to be evaluated
> as u64.
>

Well, in this case the operator precedence takes place and the  
expression len * 10 * CEC_TIM_DATA_BIT_TOTAL is computed first. So the  
issue remains the same.

I can switch the expressions as follows:

(u64)len * 10 * CEC_TIM_DATA_BIT_TOTAL + CEC_TIM_START_BIT_TOTAL

and avoid the cast in the middle.

What do you think?

> It definitely needs a comment that this fixes a bogus Coverity report.
>

I actually added the following line to the message changelog:
Addresses-Coverity-ID: 1454996 ("Unintentional integer overflow")

Certainly, I've run across multiple false positives as in this case,  
but I have also fixed many actual bugs thanks to the Coverity reports.  
So I think in general it is valuable to take a look into these  
reports, either if they spot actual bugs or promote code correctness.

Thanks
--
Gustavo






Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ