From patchwork Thu Feb 2 14:51:28 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 9552077 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 21ACC602F0 for ; Thu, 2 Feb 2017 14:52:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 14D2D28477 for ; Thu, 2 Feb 2017 14:52:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 099C528479; Thu, 2 Feb 2017 14:52:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.4 required=2.0 tests=BAYES_00,HEXHASH_WORD, RCVD_IN_DNSWL_HI,RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4781628477 for ; Thu, 2 Feb 2017 14:52:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751673AbdBBOwB (ORCPT ); Thu, 2 Feb 2017 09:52:01 -0500 Received: from mout.kundenserver.de ([212.227.126.135]:56195 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751441AbdBBOwA (ORCPT ); Thu, 2 Feb 2017 09:52:00 -0500 Received: from wuerfel.lan ([78.42.17.5]) by mrelayeu.kundenserver.de (mreue002 [212.227.15.129]) with ESMTPA (Nemesis) id 0LjiA5-1c2Am81JLl-00bsx5; Thu, 02 Feb 2017 15:51:53 +0100 From: Arnd Bergmann To: Mauro Carvalho Chehab Cc: Arnd Bergmann , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] [media] ttpci: address stringop overflow warning Date: Thu, 2 Feb 2017 15:51:28 +0100 Message-Id: <20170202145151.3786590-1-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 X-Provags-ID: V03:K0:qL5jpK0d+tlJpFKff8lBjI3npdTy2B51YjBX5RIZg7ZBHBkm7Bl WTurpdhJknXkQl1Hu9LRHBL1beszMxID078JO13yWx9blR77UssXRZsTK0bzSVHa1fsEuZE toOvWTHupDUB2uvyrOVSxJgd/LJOqwsWLnIChSX3mCO42oX3vtQ2rd61MTgJdGCzXxsPmXP 0Q5LXkBFqEpRQPhqKWxEg== X-UI-Out-Filterresults: notjunk:1; V01:K0:0Nnc4FXskdc=:b17vHgzxkQTbIK8GZ+o3OD s2Uo6lpm3OJMGo/MOS9jgFdPwIpjCK93jhr3DKBIGAi2kIcaUWC+7THVqNX++eJrsU4lY12PG GdBBb0RJE8X2czuhZAPf8Re5AUMnF7kRL/A9YmetSAoBho5CXZzlTEnnhxDNa6A0YLwJba1lM lPCV6Vt/iB7pbJODOCTTLoUthELnX0d5CsudU46g3rlnvfoNVGB4sjLDV9/8frlI3bI/aqtYd lo00mDrj4TQmCEbZ0yV6XwCnAiB6HqYX4g6JhsyalYvO1JfVZOyrpmc4vSChxx9ENo3WhhxtU SgM8i0JxP4NOnFtCefQLgng6l06wskyx4irPUUVltlZa1f69QWM5lQDtF4Ef/tHGx28G3bk0c v8WyZdIGCI9Q/uPt9iNT8rpF2Z3VeZa6FyiKZoQBXLGEHb3eYQolX6E+LP3md7iVPPIvIfNgk V3wjdpBQZhfa+Pv6N0Su7P4WP5+S6GkzL2VW3G1PLXtjsOxmpOrsxO1Vzm6L/12QkO8ULyg0g gCxCTYexlNfXq67QPa5CXRSmucgWt5rvyT9k5QaXYuEN3qNwdt3noZKtDw1eRVFS13blLlTjH zIeXcHXIfyvWnGChQF2ovFaOT8nrCz8Fh+8tbu4B/4EDU5dTGZsOISN316AQ21d2Dzcc9yddL rov3G4zN5gZXlyeq8IDMpApON7kEga+ZyMBYjuet1pkNTrt0DKCfNx1/QdqNuyHP6EwE= Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP gcc-7.0.1 warns about old code in ttpci: In file included from drivers/media/pci/ttpci/av7110.c:63:0: In function 'irdebi.isra.2', inlined from 'start_debi_dma' at drivers/media/pci/ttpci/av7110.c:376:3, inlined from 'gpioirq' at drivers/media/pci/ttpci/av7110.c:659:3: drivers/media/pci/ttpci/av7110_hw.h:406:3: warning: 'memcpy': specified size between 18446744071562067968 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=] memcpy(av7110->debi_virt, (char *) &res, count); In function 'irdebi.isra.2', inlined from 'start_debi_dma' at drivers/media/pci/ttpci/av7110.c:376:3, inlined from 'gpioirq' at drivers/media/pci/ttpci/av7110.c:668:3: drivers/media/pci/ttpci/av7110_hw.h:406:3: warning: 'memcpy': specified size between 18446744071562067968 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=] memcpy(av7110->debi_virt, (char *) &res, count); Apparently, 'count' can be negative here, which will then get turned into a giant size argument for memcpy. Changing the sizes to 'unsigned int' instead seems safe as we already check for maximum sizes, and it also simplifies the code a bit. Signed-off-by: Arnd Bergmann --- drivers/media/pci/ttpci/av7110_hw.c | 8 ++++---- drivers/media/pci/ttpci/av7110_hw.h | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/media/pci/ttpci/av7110_hw.c b/drivers/media/pci/ttpci/av7110_hw.c index 520414cbe087..cf6291b32ee6 100644 --- a/drivers/media/pci/ttpci/av7110_hw.c +++ b/drivers/media/pci/ttpci/av7110_hw.c @@ -56,11 +56,11 @@ by Nathan Laredo */ int av7110_debiwrite(struct av7110 *av7110, u32 config, - int addr, u32 val, int count) + int addr, u32 val, unsigned int count) { struct saa7146_dev *dev = av7110->dev; - if (count <= 0 || count > 32764) { + if (count > 32764) { printk("%s: invalid count %d\n", __func__, count); return -1; } @@ -78,12 +78,12 @@ int av7110_debiwrite(struct av7110 *av7110, u32 config, return 0; } -u32 av7110_debiread(struct av7110 *av7110, u32 config, int addr, int count) +u32 av7110_debiread(struct av7110 *av7110, u32 config, int addr, unsigned int count) { struct saa7146_dev *dev = av7110->dev; u32 result = 0; - if (count > 32764 || count <= 0) { + if (count > 32764) { printk("%s: invalid count %d\n", __func__, count); return 0; } diff --git a/drivers/media/pci/ttpci/av7110_hw.h b/drivers/media/pci/ttpci/av7110_hw.h index 1634aba5cb84..ccb148059406 100644 --- a/drivers/media/pci/ttpci/av7110_hw.h +++ b/drivers/media/pci/ttpci/av7110_hw.h @@ -377,14 +377,14 @@ extern int av7110_fw_request(struct av7110 *av7110, u16 *request_buf, /* DEBI (saa7146 data extension bus interface) access */ extern int av7110_debiwrite(struct av7110 *av7110, u32 config, - int addr, u32 val, int count); + int addr, u32 val, unsigned int count); extern u32 av7110_debiread(struct av7110 *av7110, u32 config, - int addr, int count); + int addr, unsigned int count); /* DEBI during interrupt */ /* single word writes */ -static inline void iwdebi(struct av7110 *av7110, u32 config, int addr, u32 val, int count) +static inline void iwdebi(struct av7110 *av7110, u32 config, int addr, u32 val, unsigned int count) { av7110_debiwrite(av7110, config, addr, val, count); } @@ -397,7 +397,7 @@ static inline void mwdebi(struct av7110 *av7110, u32 config, int addr, av7110_debiwrite(av7110, config, addr, 0, count); } -static inline u32 irdebi(struct av7110 *av7110, u32 config, int addr, u32 val, int count) +static inline u32 irdebi(struct av7110 *av7110, u32 config, int addr, u32 val, unsigned int count) { u32 res; @@ -408,7 +408,7 @@ static inline u32 irdebi(struct av7110 *av7110, u32 config, int addr, u32 val, i } /* DEBI outside interrupts, only for count <= 4! */ -static inline void wdebi(struct av7110 *av7110, u32 config, int addr, u32 val, int count) +static inline void wdebi(struct av7110 *av7110, u32 config, int addr, u32 val, unsigned int count) { unsigned long flags; @@ -417,7 +417,7 @@ static inline void wdebi(struct av7110 *av7110, u32 config, int addr, u32 val, i spin_unlock_irqrestore(&av7110->debilock, flags); } -static inline u32 rdebi(struct av7110 *av7110, u32 config, int addr, u32 val, int count) +static inline u32 rdebi(struct av7110 *av7110, u32 config, int addr, u32 val, unsigned int count) { unsigned long flags; u32 res;