lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200515184301.GA13795@rowland.harvard.edu>
Date:   Fri, 15 May 2020 14:43:01 -0400
From:   Alan Stern <stern@...land.harvard.edu>
To:     Colin Ian King <colin.king@...onical.com>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Zhang Shengju <zhangshengju@...s.chinamobile.com>,
        Tang Bin <tangbin@...s.chinamobile.com>,
        linux-usb@...r.kernel.org, kernel-janitors@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] USB: EHCI: ehci-mv: fix less than zero comparison
 of an unsigned int

On Fri, May 15, 2020 at 06:26:04PM +0100, Colin Ian King wrote:
> On 15/05/2020 18:21, Alan Stern wrote:
> > On Fri, May 15, 2020 at 05:54:53PM +0100, Colin King wrote:
> >> From: Colin Ian King <colin.king@...onical.com>
> >>
> >> The comparison of hcd->irq to less than zero for an error check will
> >> never be true because hcd->irq is an unsigned int.  Fix this by
> >> assigning the int retval to the return of platform_get_irq and checking
> >> this for the -ve error condition and assigning hcd->irq to retval.
> >>
> >> Addresses-Coverity: ("Unsigned compared against 0")
> >> Fixes: c856b4b0fdb5 ("USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()")
> >> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> >> ---
> > 
> > Thanks to Coverity for spotting this.  Any reason why it didn't spot 
> > exactly the same mistake in the ohci-da8xx.c driver?
> 
> No idea, it is curious that it can spot one error but miss another.
> Sometimes I see these issues on the next scan, so it maybe the database
> diff'ing is awry.
> 
> > 
> > Also, why wasn't the patch CC'ed for the stable series?
> 
> My bad on that. Human error

Actually the question itself was my mistake.  I didn't notice that your 
patch was a fix to something that was just merged and hadn't been CC'ed 
to stable.

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ