| Message ID | 20190816062835.25588-1-alexandru.ardelean@analog.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | iio: imu: adis16460: fix variable signedness | expand |
On Fri, 16 Aug 2019 09:28:35 +0300 Alexandru Ardelean <alexandru.ardelean@analog.com> wrote: > Caught via static-analysis checker: > ``` > drivers/iio/imu/adis16460.c > 152 static int adis16460_set_freq(struct iio_dev *indio_dev, int val, int val2) > 153 { > 154 struct adis16460 *st = iio_priv(indio_dev); > 155 unsigned int t; > ^^^^^^^^^^^^^^ > > 156 > 157 t = val * 1000 + val2 / 1000; > 158 if (t <= 0) > ^^^^^^ > Unsigned is not less than zero. > ``` > > The types of `val` && `val2` are obtained from the IIO `write_raw` hook, so > userspace can provide negative values, which can cause weird behavior after > conversion to unsigned. > > This patch changes the sign of variable `t` so that -EINVAL will be > returned for negative values as well. > > Fixes: db6ed4d23dd1 ("iio: imu: Add support for the ADIS16460 IMU") > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Applied to the togreg branch of iio.git and pushed out as testing for the autobuilders to play with it. Thanks, Jonathan > --- > drivers/iio/imu/adis16460.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/iio/imu/adis16460.c b/drivers/iio/imu/adis16460.c > index 1ef11640ee20..6aed9e84abbf 100644 > --- a/drivers/iio/imu/adis16460.c > +++ b/drivers/iio/imu/adis16460.c > @@ -152,7 +152,7 @@ static int adis16460_debugfs_init(struct iio_dev *indio_dev) > static int adis16460_set_freq(struct iio_dev *indio_dev, int val, int val2) > { > struct adis16460 *st = iio_priv(indio_dev); > - unsigned int t; > + int t; > > t = val * 1000 + val2 / 1000; > if (t <= 0)
diff --git a/drivers/iio/imu/adis16460.c b/drivers/iio/imu/adis16460.c index 1ef11640ee20..6aed9e84abbf 100644 --- a/drivers/iio/imu/adis16460.c +++ b/drivers/iio/imu/adis16460.c @@ -152,7 +152,7 @@ static int adis16460_debugfs_init(struct iio_dev *indio_dev) static int adis16460_set_freq(struct iio_dev *indio_dev, int val, int val2) { struct adis16460 *st = iio_priv(indio_dev); - unsigned int t; + int t; t = val * 1000 + val2 / 1000; if (t <= 0)
Caught via static-analysis checker: ``` drivers/iio/imu/adis16460.c 152 static int adis16460_set_freq(struct iio_dev *indio_dev, int val, int val2) 153 { 154 struct adis16460 *st = iio_priv(indio_dev); 155 unsigned int t; ^^^^^^^^^^^^^^ 156 157 t = val * 1000 + val2 / 1000; 158 if (t <= 0) ^^^^^^ Unsigned is not less than zero. ``` The types of `val` && `val2` are obtained from the IIO `write_raw` hook, so userspace can provide negative values, which can cause weird behavior after conversion to unsigned. This patch changes the sign of variable `t` so that -EINVAL will be returned for negative values as well. Fixes: db6ed4d23dd1 ("iio: imu: Add support for the ADIS16460 IMU") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> --- drivers/iio/imu/adis16460.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)