Re: [PATCH 4/8] i2c: ov9650: fix potential integer overflow in __ov965x_set_frame_interval
From: Sakari Ailus
Date: Fri Feb 02 2018 - 04:23:09 EST
On Mon, Jan 29, 2018 at 06:32:01PM -0600, Gustavo A. R. Silva wrote:
> Cast fi->interval.numerator to u64 in order to avoid a potential integer
> overflow. This variable is being used in a context that expects an
> expression of type u64.
>
> Addresses-Coverity-ID: 1324146 ("Unintentional integer overflow")
> Signed-off-by: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx>
> ---
> drivers/media/i2c/ov9650.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/media/i2c/ov9650.c b/drivers/media/i2c/ov9650.c
> index e519f27..c674a49 100644
> --- a/drivers/media/i2c/ov9650.c
> +++ b/drivers/media/i2c/ov9650.c
> @@ -1130,7 +1130,7 @@ static int __ov965x_set_frame_interval(struct ov965x *ov965x,
> if (fi->interval.denominator == 0)
> return -EINVAL;
>
> - req_int = (u64)(fi->interval.numerator * 10000) /
> + req_int = (u64)fi->interval.numerator * 10000 /
> fi->interval.denominator;
This requires do_div(). I've applied the patch with this change:
diff --git a/drivers/media/i2c/ov9650.c b/drivers/media/i2c/ov9650.c
index 88276dba828d..5bea31cd41aa 100644
--- a/drivers/media/i2c/ov9650.c
+++ b/drivers/media/i2c/ov9650.c
@@ -1136,8 +1136,8 @@ static int __ov965x_set_frame_interval(struct ov965x *ov965x,
if (fi->interval.denominator == 0)
return -EINVAL;
- req_int = (u64)fi->interval.numerator * 10000 /
- fi->interval.denominator;
+ req_int = (u64)fi->interval.numerator * 10000;
+ do_div(req_int, fi->interval.denominator);
for (i = 0; i < ARRAY_SIZE(ov965x_intervals); i++) {
const struct ov965x_interval *iv = &ov965x_intervals[i];
>
> for (i = 0; i < ARRAY_SIZE(ov965x_intervals); i++) {
> --
> 2.7.4
>
--
Sakari Ailus
e-mail: sakari.ailus@xxxxxx