lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 08 May 2021 10:01:14 -0700
From:   Joe Perches <joe@...ches.com>
To:     Jonathan Cameron <jic23@...nel.org>,
        Colin King <colin.king@...onical.com>
Cc:     Lars-Peter Clausen <lars@...afoo.de>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Jon Brenner <jbrenner@...sinc.com>, linux-iio@...r.kernel.org,
        clang-built-linux@...glegroups.com,
        kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] iio: tsl2583: Fix division by a zero lux_val

On Sat, 2021-05-08 at 17:12 +0100, Jonathan Cameron wrote:
> On Fri,  7 May 2021 19:30:41 +0100 Colin King <colin.king@...onical.com> wrote:
[]
> > The lux_val returned from tsl2583_get_lux can potentially be zero,
> > so check for this to avoid a division by zero and an overflowed
> > gain_trim_val.
[]
> > Fixes: ac4f6eee8fe8 ("staging: iio: TAOS tsl258x: Device driver")
> > Signed-off-by: Colin Ian King <colin.king@...onical.com>
> Definitely looks like it could happen so applied to the fixes-togreg branch of
> iio.git and marked for stable.
[]
> > diff --git a/drivers/iio/light/tsl2583.c b/drivers/iio/light/tsl2583.c
[]
> > @@ -341,6 +341,14 @@ static int tsl2583_als_calibrate(struct iio_dev *indio_dev)
> >  		return lux_val;
> >  	}
> > 
> > +	/* Avoid division by zero of lux_value later on */
> > +	if (lux_val == 0) {
> > +		dev_err(&chip->client->dev,
> > +			"%s: lux_val of 0 will produce out of range trim_value\n",
> > +			__func__);
> > +		return -ENODATA;
> > +	}
> > +
> >  	gain_trim_val = (unsigned int)(((chip->als_settings.als_cal_target)
> >  			* chip->als_settings.als_gain_trim) / lux_val);

Is a multiplication overflow possible here?
There are also unnecessary parentheses.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ