| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <zttjwj47aro4xr56c5qwme3zyiv7v5fdu4e5c2sgzllpwljw7e@iasdxaxjylt3>
Date: Tue, 5 Nov 2024 17:39:36 +0000
From: Karan Sanghavi <karansanghvi98@...il.com>
To: Jonathan Cameron <jic23@...nel.org>
Cc: Lars-Peter Clausen <lars@...afoo.de>, linux-iio@...r.kernel.org,
linux-kernel@...r.kernel.org, Shuah Khan <skhan@...uxfoundation.org>,
Anup <anupnewsmail@...il.com>
Subject: Re: [PATCH] iio: invensense: fix integer overflow while
multiplication
On Sun, Nov 03, 2024 at 11:18:27AM +0000, Jonathan Cameron wrote:
> On Sun, 03 Nov 2024 08:43:14 +0000
> Karan Sanghavi <karansanghvi98@...il.com> wrote:
>
> Hi Karan,
>
> > Typecast a variable to int64_t for 64-bit arithmetic multiplication
>
> The path to actually triggering this is non obvious as these
> inputs are the result of rather complex code paths and per chip
> constraints. Have you identified a particular combination that overflows
> or is this just based on the type? I have no problem with applying this
> as hardening against future uses but unless we have a path to trigger
> it today it isn't a fix.
>
> If you do have a path, this description should state what it is.
>
I found this in the coverity scan with CID:1586045 stating
overflow_before_widen: Potentially overflowing expression ts->min_period * ts->mult with type
unsigned int (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a
context that expects an expression of type int64_t const (64 bits, signed).
> >
> > Signed-off-by: Karan Sanghavi <karansanghvi98@...il.com>
> If it's a real bug, needs a Fixes tag so we know how far to backport it.
>
I thought that this is a fix to this coverity issue thus used fix in the
subject.
If I have to mention the fix tag for this then can you please let me
know what should I mention in the fix tag.
> > ---
> > drivers/iio/common/inv_sensors/inv_sensors_timestamp.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c
> > index f44458c380d9..d1d11d0b2458 100644
> > --- a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c
> > +++ b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c
> > @@ -105,8 +105,8 @@ static bool inv_update_chip_period(struct inv_sensors_timestamp *ts,
> >
> > static void inv_align_timestamp_it(struct inv_sensors_timestamp *ts)
> > {
> > - const int64_t period_min = ts->min_period * ts->mult;
> > - const int64_t period_max = ts->max_period * ts->mult;
> > + const int64_t period_min = (int64_t)ts->min_period * ts->mult;
> > + const int64_t period_max = (int64_t)ts->max_period * ts->mult;
> > int64_t add_max, sub_max;
> > int64_t delta, jitter;
> > int64_t adjust;
> >
> > ---
> > base-commit: 81983758430957d9a5cb3333fe324fd70cf63e7e
> > change-id: 20241102-coverity1586045integeroverflow-cbbf357475d9
> >
> > Best regards,
>
Thank you,
Karan.
Powered by blists - more mailing lists