lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <14afe5d5-4c68-b1ca-da88-8951188ee9f9@canonical.com>
Date:   Wed, 29 Sep 2021 12:30:35 +0100
From:   Colin Ian King <colin.king@...onical.com>
To:     Rob Clark <robdclark@...il.com>, Sean Paul <sean@...rly.run>,
        David Airlie <airlied@...ux.ie>, linux-arm-msm@...r.kernel.org,
        dri-devel@...ts.freedesktop.org, freedreno@...ts.freedesktop.org
Cc:     kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: NAK: [PATCH] drm/msm/mdp4: Fix potential integer overflow on 32 bit
 multiply

On 29/09/2021 12:08, Colin King wrote:
> From: Colin Ian King <colin.king@...onical.com>
> 
> In the case where clock is 2147485 or greater the 32 bit multiplication
> by 1000 will cause an integer overflow. Fix this by making the constant
> 1000 a long to ensure a long multiply occurs to avoid the overflow
> before assigning the result to the long result in variable requested.
> Most probably a theoretical overflow issue, but worth fixing.
> 
> Addresses-Coverity: ("Unintentional integer overflow")
> Fixes: 3e87599b68e7 ("drm/msm/mdp4: add LVDS panel support")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> ---
>   drivers/gpu/drm/msm/disp/mdp4/mdp4_lvds_connector.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/msm/disp/mdp4/mdp4_lvds_connector.c b/drivers/gpu/drm/msm/disp/mdp4/mdp4_lvds_connector.c
> index 7288041dd86a..deada745d5b9 100644
> --- a/drivers/gpu/drm/msm/disp/mdp4/mdp4_lvds_connector.c
> +++ b/drivers/gpu/drm/msm/disp/mdp4/mdp4_lvds_connector.c
> @@ -64,7 +64,7 @@ static int mdp4_lvds_connector_mode_valid(struct drm_connector *connector,
>   	struct drm_encoder *encoder = mdp4_lvds_connector->encoder;
>   	long actual, requested;
>   
> -	requested = 1000 * mode->clock;
> +	requested = 1000L * mode->clock;
>   	actual = mdp4_lcdc_round_pixclk(encoder, requested);
>   
>   	DBG("requested=%ld, actual=%ld", requested, actual);
> 

NACK: there are a few more occurrences of this in the msm driver, I'll 
fix them up for a V2.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ