Message ID | 20210121193414.482139-1-angelogioacchino.delregno@somainline.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | drm: drm_modes: Fix signed-integer-overflow UBSAN warning | expand |
diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c index 33fb2f05ce66..dd374c628cc5 100644 --- a/drivers/gpu/drm/drm_modes.c +++ b/drivers/gpu/drm/drm_modes.c @@ -762,7 +762,8 @@ int drm_mode_vrefresh(const struct drm_display_mode *mode) if (mode->htotal == 0 || mode->vtotal == 0) return 0; - num = mode->clock * 1000; + num = mode->clock; + num *= 1000; den = mode->htotal * mode->vtotal; if (mode->flags & DRM_MODE_FLAG_INTERLACE)
During a UBSAN run on ARM64 MSM8998, kernel built with GCC 7.5.0, a signed integer overflow was shown. To solve this warning split the multiplication by assigning the mode clock first to the "num" variable and then multiply: this way was chosen because no explicit casting is required. Solves the following warning: [ 2.028003] UBSAN: signed-integer-overflow in drivers/gpu/drm/drm_modes.c:765:20 [ 2.028721] 2376000 * 1000 cannot be represented in type 'int' [ 2.029134] CPU: 6 PID: 62 Comm: kworker/6:1 Tainted: G W 5.11.0-rc4-00115-g38e7d22724f4-dirty #8 [ 2.029884] Hardware name: F(x)tec Pro1 (QX1000) (DT) [ 2.030583] Workqueue: events deferred_probe_work_func [ 2.031043] Call trace: [ 2.031419] dump_backtrace+0x0/0x288 [ 2.032144] show_stack+0x14/0x60 [ 2.032564] dump_stack+0xd4/0x12c [ 2.032985] ubsan_epilogue+0xc/0x50 [ 2.033693] handle_overflow+0xd0/0xf8 [ 2.034092] __ubsan_handle_mul_overflow+0x10/0x18 [ 2.034493] drm_mode_vrefresh+0xd8/0xf8 [ 2.035181] cea_mode_alternate_clock+0x18/0xb0 [ 2.035592] drm_match_cea_mode.part.26+0xa8/0x198 [ 2.036004] drm_match_cea_mode+0x14/0x28 [ 2.036689] drm_mode_validate_ycbcr420+0x14/0x78 [ 2.037098] drm_helper_probe_single_connector_modes+0x5fc/0x910 [ 2.037815] drm_client_modeset_probe+0x26c/0x16f8 [ 2.038225] __drm_fb_helper_initial_config_and_unlock+0x44/0x7b8 [ 2.038931] drm_fb_helper_initial_config+0x48/0x68 [ 2.039337] msm_fbdev_init+0x80/0xe0 [ 2.039735] msm_drm_bind+0x4d8/0x6d0 Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@somainline.org> --- drivers/gpu/drm/drm_modes.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)