Message-Id: <20240928142957.99143-1-shum.sdl@nppct.ru>
Date: Sat, 28 Sep 2024 17:29:57 +0300
From: Andrey Shumilin <shum.sdl@...ct.ru>
To: Chas Williams <3chas3@...il.com>
Cc: Andrey Shumilin <shum.sdl@...ct.ru>,
	linux-atm-general@...ts.sourceforge.net,
	netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	lvc-project@...uxtesting.org,
	khoroshilov@...ras.ru,
	ykarpov@...ras.ru,
	vmerzlyakov@...ras.ru,
	vefanov@...ras.ru
Subject: [PATCH 3/3] horizon: Casting type 32 to 64 bits.

In one of the 3 cases, 1<<30 is passed as the second
parameter to the make_rate() function.
In the expressions "c << (CR_MAXPEXP+div-br_exp)"
and "c<<div" a shift of 14 is possible.
The INT type may overflow.
To fix this, it is suggested to cast the type.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Andrey Shumilin <shum.sdl@...ct.ru>
---
 drivers/atm/horizon.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/atm/horizon.c b/drivers/atm/horizon.c
index 4f2951cbe69c..6f3e65e65225 100644
--- a/drivers/atm/horizon.c
+++ b/drivers/atm/horizon.c
@@ -631,7 +631,7 @@ static int make_rate (const hrz_dev * dev, u32 c, rounding r,
 	// d == MIND and (c << (MAXPEXP+MIND)) < B
 	while (div < CR_MAXD) {
 		div++;
-		if (br_man <= (c << (CR_MAXPEXP+div-br_exp))) {
+		if (br_man <= ((u64)c << (CR_MAXPEXP+div-br_exp))) {
 			// Equivalent to: B <= (c << (MAXPEXP+d))
 			// c << (MAXPEXP+d-1) < B <= c << (MAXPEXP+d)
 			// 1 << (MAXPEXP-1) < B/2^d/c <= 1 << MAXPEXP
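Review bot: the commit message says "The INT type may overflow", but the hunk header declares `c` as `u32`, so the old `c << (CR_MAXPEXP+div-br_exp)` is a 32-bit unsigned shift that silently drops high bits before the comparison with `br_man`, not a signed overflow. Please reword the message accordingly and state the largest shift count this expression can reach, so the choice of `u64` is justified. The context comment at the top of the hunk, `(c << (MAXPEXP+MIND)) < B`, describes an earlier comparison of the same shape that this hunk does not touch; it is worth confirming that one is widened as well.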
@@ -645,7 +645,7 @@ static int make_rate (const hrz_dev * dev, u32 c, rounding r,
 					pre = DIV_ROUND_CLOSEST(br, c<<div);
 					break;
 				default: /* round_up */
-					pre = br/(c<<div);
+					pre = br/((u64)c<<div);
 			}
 			PRINTD (DBG_QOS, "B: p=%u, d=%u", pre, div);
 			goto got_it;
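Review bot: in the round_up branch, `br/((u64)c<<div)` makes the divisor 64-bit, so the `/` becomes a 64-bit division, which does not link on 32-bit kernel builds because the libgcc division helper is not provided there; use div64_u64() from <linux/math64.h>, or show that the shifted value fits in 32 bits and narrow it before dividing. The context line just above, `pre = DIV_ROUND_CLOSEST(br, c<<div);`, still performs the shift in 32 bits, so that rounding mode keeps the truncation this patch is meant to remove; every `c<<div` in this switch needs the same treatment.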
-- 
2.30.2

