Message ID | 20231013205024.8099-2-s.shtylyov@omp.ru (mailing list archive) |
---|---|
State | New, archived |
Series | Fix sloppy typing in the FB area copying routines |
On 10/13/23 22:50, Sergey Shtylyov wrote:
> In cfb_copyarea(), the local variable bits_per_line is needlessly typed as
> *unsigned long* -- which is a 32-bit type on the 32-bit arches and a 64-bit
> type on the 64-bit arches; that variable's value is derived from the __u32
> typed fb_fix_screeninfo::line_length field (multiplied by 8u) and a 32-bit
> *unsigned int* type should still be enough to store the # of bits per line.
>
> Found by Linux Verification Center (linuxtesting.org) with the Svace static
> analysis tool.
>
> Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>

applied both patches.
Thanks!
Helge

> --- > drivers/video/fbdev/core/cfbcopyarea.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/video/fbdev/core/cfbcopyarea.c b/drivers/video/fbdev/core/cfbcopyarea.c > index 6d4bfeecee35..5b80bf3dae50 100644 > --- a/drivers/video/fbdev/core/cfbcopyarea.c > +++ b/drivers/video/fbdev/core/cfbcopyarea.c > @@ -382,7 +382,7 @@ void cfb_copyarea(struct fb_info *p, const struct fb_copyarea *area) > { > u32 dx = area->dx, dy = area->dy, sx = area->sx, sy = area->sy; > u32 height = area->height, width = area->width; > - unsigned long const bits_per_line = p->fix.line_length*8u; > + unsigned int const bits_per_line = p->fix.line_length * 8u; > unsigned long __iomem *base = NULL; > int bits = BITS_PER_LONG, bytes = bits >> 3; > unsigned dst_idx = 0, src_idx = 0, rev_copy = 0;
diff --git a/drivers/video/fbdev/core/cfbcopyarea.c b/drivers/video/fbdev/core/cfbcopyarea.c index 6d4bfeecee35..5b80bf3dae50 100644 --- a/drivers/video/fbdev/core/cfbcopyarea.c +++ b/drivers/video/fbdev/core/cfbcopyarea.c @@ -382,7 +382,7 @@ void cfb_copyarea(struct fb_info *p, const struct fb_copyarea *area) { u32 dx = area->dx, dy = area->dy, sx = area->sx, sy = area->sy; u32 height = area->height, width = area->width; - unsigned long const bits_per_line = p->fix.line_length*8u; + unsigned int const bits_per_line = p->fix.line_length * 8u; unsigned long __iomem *base = NULL; int bits = BITS_PER_LONG, bytes = bits >> 3; unsigned dst_idx = 0, src_idx = 0, rev_copy = 0;
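Review bot: On the `+` line, `p->fix.line_length * 8u` is evaluated in 32-bit unsigned arithmetic (the commit message gives line_length as __u32), so the product wraps for any line_length above 0x1FFFFFFF both before and after this change. The narrower type does not introduce that, but the commit message's "should still be enough" leaves the bound unstated. Consider naming the assumed maximum line_length in the commit message, or rejecting larger values before the multiplication. The same line also adds spaces around `*`, a whitespace cleanup that is unrelated to the type change and worth a mention in the changelog.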
In cfb_copyarea(), the local variable bits_per_line is needlessly typed as
*unsigned long* -- which is a 32-bit type on the 32-bit arches and a 64-bit
type on the 64-bit arches; that variable's value is derived from the __u32
typed fb_fix_screeninfo::line_length field (multiplied by 8u) and a 32-bit
*unsigned int* type should still be enough to store the # of bits per line.

Found by Linux Verification Center (linuxtesting.org) with the Svace static
analysis tool.

Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
---
 drivers/video/fbdev/core/cfbcopyarea.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)