Message-ID: <20190204074820.GC2581@kadam>
Date:   Mon, 4 Feb 2019 10:48:20 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Colin King <colin.king@...onical.com>
Cc:     Ian Abbott <abbotti@....co.uk>,
        H Hartley Sweeten <hsweeten@...ionengravers.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        devel@...verdev.osuosl.org, kernel-janitors@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: comedi: dt2811: fix integer overflow in multiply

On Sun, Feb 03, 2019 at 02:29:04PM +0300, Dan Carpenter wrote:
> > diff --git a/drivers/staging/comedi/drivers/dt2811.c b/drivers/staging/comedi/drivers/dt2811.c
> > index 05207a519755..820e75f850ff 100644
> > --- a/drivers/staging/comedi/drivers/dt2811.c
> > +++ b/drivers/staging/comedi/drivers/dt2811.c
> > @@ -323,7 +323,8 @@ static unsigned int dt2811_ns_to_timer(unsigned int *nanosec,
> >  		for (_mult = 0; _mult <= 7; _mult++) {
> >  			unsigned int div = dt2811_clk_dividers[_div];
> >  			unsigned int mult = dt2811_clk_multipliers[_mult];
> > -			unsigned long long divider = div * mult;
> > +			unsigned long long divider =
> > +				(unsigned long long)div * mult;
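Review bot: the cast on the `divider` initialiser does not guard against a reachable overflow if the bounds given in the reply below hold: with `div` at most 12 and `mult` at most 10,000,000, the 32-bit product is at most 120,000,000, well under 2^32. The widening is harmless, but the subject line "fix integer overflow in multiply" overstates it. Suggest either dropping the change or rewording the subject to say it silences a static-analysis warning, and adding a short comment at the `dt2811_clk_dividers[_div]` / `dt2811_clk_multipliers[_mult]` lookups stating the maximum values so the same report is not raised again.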
> 
> The max "div" can be is 12.  The max "mult" can be is 10,000,000.  So
> this is a false positive because there is no overflow.  The code is not
> complicated.  Unfortunately, Smatch has the exact same problem...

Smatch actually parses this correctly, but I had a power failure over
the weekend that messed up my results.

regards,
dan carpenter
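
The bound argument made in the quoted reply, as an added C example that is not part of the thread or the driver: it compares the multiply-then-widen form with the widen-then-multiply form over every pair of table entries. The table contents and all function names are constructed for illustration; only the maxima 12 and 10,000,000 come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample tables, not the driver's: only the maxima
 * (12 and 10,000,000) are taken from the thread. */
static const uint32_t sample_divs[]  = { 1, 2, 4, 12 };
static const uint32_t sample_mults[] = { 1, 10, 1000, 10000000 };

/* Multiply in 32 bits, then widen: the form the patch removes. */
static uint64_t mul_narrow(uint32_t a, uint32_t b)
{
	return a * b;	/* wraps modulo 2^32 before the conversion */
}

/* Widen first, then multiply: the form the patch adds. */
static uint64_t mul_wide(uint32_t a, uint32_t b)
{
	return (uint64_t)a * b;
}

/* Count table pairs whose 32-bit product differs from the 64-bit one,
 * i.e. pairs for which the narrow multiply really overflows. */
static size_t count_overflowing_pairs(const uint32_t *d, size_t nd,
				      const uint32_t *m, size_t nm)
{
	size_t i, j, bad = 0;

	for (i = 0; i < nd; i++)
		for (j = 0; j < nm; j++)
			if (mul_narrow(d[i], m[j]) != mul_wide(d[i], m[j]))
				bad++;
	return bad;
}

int main(void)
{
	size_t bad = count_overflowing_pairs(sample_divs, 4, sample_mults, 4);

	printf("pairs that overflow 32 bits: %zu\n", bad);
	printf("largest product: %llu\n",
	       (unsigned long long)mul_wide(12, 10000000));
	return bad != 0;
}
```

With these bounds no pair overflows, which is the false-positive case described in the thread; a table entry large enough to push the product past 2^32 would make the two forms disagree.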
