lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240918125338.16660-1-amishin@t-argos.ru>
Date: Wed, 18 Sep 2024 15:53:38 +0300
From: Aleksandr Mishin <amishin@...rgos.ru>
To: H Hartley Sweeten <hsweeten@...ionengravers.com>
CC: Aleksandr Mishin <amishin@...rgos.ru>, Ian Abbott <abbotti@....co.uk>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	<linux-kernel@...r.kernel.org>, <lvc-project@...uxtesting.org>
Subject: [PATCH v2] comedi: adl_pci9111: Fix possible division by zero in pci9111_ai_do_cmd_test()

Division by zero is possible in pci9111_ai_do_cmd_test() in case of scan
begin trigger source is TRIG_TIMER and 'chanlist_len' is zero.

Add zero value check to prevent division by zero.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: f1c51faabc4d ("staging: comedi: adl_pci9111: tidy up (*do_cmdtest) Step 4")
Suggested-by: Ian Abbott <abbotti@....co.uk>
Reviewed-by: Ian Abbott <abbotti@....co.uk>
Signed-off-by: Aleksandr Mishin <amishin@...rgos.ru>
---
v1->v2: Update comment and fix as suggested by Ian,
 add "Reviewed-by: Ian Abbott <abbotti@....co.uk>"
 (https://lore.kernel.org/all/4f46343a-a1f9-4082-8ef2-50cdb3d74f31@mev.co.uk/)

 drivers/comedi/drivers/adl_pci9111.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/comedi/drivers/adl_pci9111.c b/drivers/comedi/drivers/adl_pci9111.c
index 086d93f40cb9..e5989d180650 100644
--- a/drivers/comedi/drivers/adl_pci9111.c
+++ b/drivers/comedi/drivers/adl_pci9111.c
@@ -310,7 +310,7 @@ static int pci9111_ai_do_cmd_test(struct comedi_device *dev,
 	 * There's only one timer on this card, so the scan_begin timer
 	 * must be a multiple of chanlist_len*convert_arg
 	 */
-	if (cmd->scan_begin_src == TRIG_TIMER) {
+	if (cmd->scan_begin_src == TRIG_TIMER && cmd->chanlist_len) {
 		arg = cmd->chanlist_len * cmd->convert_arg;
 
 		if (arg < cmd->scan_begin_arg)
-- 
2.30.2


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ