From patchwork Thu Nov 24 11:23:33 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dan Carpenter <dan.carpenter@oracle.com>
X-Patchwork-Id: 9445373
Return-Path: <alsa-devel-bounces@alsa-project.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	2CC3F6075F for <patchwork-alsa-devel@patchwork.kernel.org>;
	Thu, 24 Nov 2016 11:43:50 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E83AD27E15
	for <patchwork-alsa-devel@patchwork.kernel.org>;
	Thu, 24 Nov 2016 11:43:49 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id DA00F27E78; Thu, 24 Nov 2016 11:43:49 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE,
	UNPARSEABLE_RELAY autolearn=ham version=3.3.1
Received: from alsa0.perex.cz (alsa0.perex.cz [77.48.224.243])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8AC8327E15
	for <patchwork-alsa-devel@patchwork.kernel.org>;
	Thu, 24 Nov 2016 11:43:48 +0000 (UTC)
Received: by alsa0.perex.cz (Postfix, from userid 1000)
	id 871B9266B22; Thu, 24 Nov 2016 12:43:40 +0100 (CET)
Received: from alsa0.perex.cz (localhost [127.0.0.1])
	by alsa0.perex.cz (Postfix) with ESMTP id 7D84B26716B;
	Thu, 24 Nov 2016 12:41:22 +0100 (CET)
X-Original-To: alsa-devel@alsa-project.org
Delivered-To: alsa-devel@alsa-project.org
Received: by alsa0.perex.cz (Postfix, from userid 1000)
	id A029F266B22; Thu, 24 Nov 2016 12:24:05 +0100 (CET)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81])
	by alsa0.perex.cz (Postfix) with ESMTP id A1BAE266B21
	for <alsa-devel@alsa-project.org>;
	Thu, 24 Nov 2016 12:23:58 +0100 (CET)
Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74])
	by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with
	ESMTP id uAOBNtRB026447
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Thu, 24 Nov 2016 11:23:56 GMT
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72])
	by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id uAOBNt4g026048
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Thu, 24 Nov 2016 11:23:55 GMT
Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15])
	by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id
	uAOBNrNh019400; Thu, 24 Nov 2016 11:23:54 GMT
Received: from mwanda (/154.123.30.252)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Thu, 24 Nov 2016 03:23:48 -0800
Date: Thu, 24 Nov 2016 14:23:33 +0300
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Jaroslav Kysela <perex@perex.cz>
Message-ID: <20161124112333.GL17225@mwanda>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.6.0 (2016-04-01)
X-Source-IP: userv0022.oracle.com [156.151.31.74]
Cc: alsa-devel@alsa-project.org, kernel-janitors@vger.kernel.org,
	Takashi Iwai <tiwai@suse.com>, linux-kernel@vger.kernel.org
Subject: [alsa-devel] [patch] ALSA: emu10k1: shift wrapping bug in
	snd_emu10k1_ptr_read()
X-BeenThere: alsa-devel@alsa-project.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Alsa-devel mailing list for ALSA developers -
	http://www.alsa-project.org" <alsa-devel.alsa-project.org>
List-Unsubscribe: 
 <http://mailman.alsa-project.org/mailman/options/alsa-devel>,
	<mailto:alsa-devel-request@alsa-project.org?subject=unsubscribe>
List-Archive: <http://mailman.alsa-project.org/pipermail/alsa-devel/>
List-Post: <mailto:alsa-devel@alsa-project.org>
List-Help: <mailto:alsa-devel-request@alsa-project.org?subject=help>
List-Subscribe: <http://mailman.alsa-project.org/mailman/listinfo/alsa-devel>,
	<mailto:alsa-devel-request@alsa-project.org?subject=subscribe>
Errors-To: alsa-devel-bounces@alsa-project.org
Sender: alsa-devel-bounces@alsa-project.org
X-Virus-Scanned: ClamAV using ClamSMTP

Static analysis says "size" is a number 0-63.  So we really want to be
doing the shift as a u64 and not a int type.  Presumably "size" is never
actually more than 31 otherwise the shift wrap would have been detected
in testing.  The "mask" is a u32 so we only care about the bottom 32
bits which also implies that "size" is less than 32.

This code pre-dates git.  I haven't tested this change, it's to fix a
static analysis warning.  I can't think that shift wrapping is the
correct behavior so presumably this change is harmless but it definitely
changes how the code works when size is larger than 32.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/sound/pci/emu10k1/io.c b/sound/pci/emu10k1/io.c
index 706b4f0..fd204f3 100644
--- a/sound/pci/emu10k1/io.c
+++ b/sound/pci/emu10k1/io.c
@@ -46,7 +46,7 @@ unsigned int snd_emu10k1_ptr_read(struct snd_emu10k1 * emu, unsigned int reg, un
 		
 		size = (reg >> 24) & 0x3f;
 		offset = (reg >> 16) & 0x1f;
-		mask = ((1 << size) - 1) << offset;
+		mask = ((1ULL << size) - 1) << offset;
 		
 		spin_lock_irqsave(&emu->emu_lock, flags);
 		outl(regptr, emu->port + PTR);
@@ -81,7 +81,7 @@ void snd_emu10k1_ptr_write(struct snd_emu10k1 *emu, unsigned int reg, unsigned i
 
 		size = (reg >> 24) & 0x3f;
 		offset = (reg >> 16) & 0x1f;
-		mask = ((1 << size) - 1) << offset;
+		mask = ((1ULL << size) - 1) << offset;
 		data = (data << offset) & mask;
 
 		spin_lock_irqsave(&emu->emu_lock, flags);