[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20240205152350.22547-1-abelova@astralinux.ru>
Date: Mon, 5 Feb 2024 18:23:50 +0300
From: Anastasia Belova <abelova@...ralinux.ru>
To: Philipp Zabel <p.zabel@...gutronix.de>
Cc: Anastasia Belova <abelova@...ralinux.ru>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Kamil Debski <k.debski@...sung.com>,
linux-media@...r.kernel.org,
linux-kernel@...r.kernel.org,
lvc-project@...uxtesting.org
Subject: [PATCH] media: coda: cast an operand of multiplication to a larger type
If width and height are 0xffff (or close), the result of
multiplication overflow. Add casting to a larger type
to avoid undefined behavior.
Such values are possible in CODA7, but unlikely.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 918c66fd4126 ("[media] coda: add CODA7541 decoding support")
Signed-off-by: Anastasia Belova <abelova@...ralinux.ru>
---
drivers/media/platform/chips-media/coda/coda-bit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/chips-media/coda/coda-bit.c b/drivers/media/platform/chips-media/coda/coda-bit.c
index ed47d5bd8d61..84ded154adfe 100644
--- a/drivers/media/platform/chips-media/coda/coda-bit.c
+++ b/drivers/media/platform/chips-media/coda/coda-bit.c
@@ -585,7 +585,7 @@ static int coda_alloc_context_buffers(struct coda_ctx *ctx,
if (!ctx->slicebuf.vaddr && q_data->fourcc == V4L2_PIX_FMT_H264) {
/* worst case slice size */
- size = (DIV_ROUND_UP(q_data->rect.width, 16) *
+ size = (unsigned long)(DIV_ROUND_UP(q_data->rect.width, 16) *
DIV_ROUND_UP(q_data->rect.height, 16)) * 3200 / 8 + 512;
ret = coda_alloc_context_buf(ctx, &ctx->slicebuf, size,
"slicebuf");
--
2.30.2
Powered by blists - more mailing lists