diff mbox

spi: loopback-test: fix potential integer overflow on multiple

Message ID 20170320135805.10182-1-colin.king@canonical.com (mailing list archive)
State Accepted
Commit d2c14c64d678713fced6f2261ce7d398b4351de5
Headers show

Commit Message

Colin King March 20, 2017, 1:58 p.m. UTC 
From: Colin Ian King <colin.king@canonical.com>

A multiplication of 8U * xfer-len with the type of a 32 bit unsigned int
is evaluated using 32 bit arithmetic and then used in a context that
expects an expression of type unsigned long long (64 bits).  Avoid any
potential overflow by casting BITS_PER_BYTE to unsigned long long.

Detected by CoverityScan, CID#1419691 ("Unintentional integer overflow")

Fixes: ea9936f324356 ("spi: loopback-test: add elapsed time check")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/spi/spi-loopback-test.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff mbox

Patch

diff --git a/drivers/spi/spi-loopback-test.c b/drivers/spi/spi-loopback-test.c
index 0d0739142cd3..51c0ceab04cc 100644
--- a/drivers/spi/spi-loopback-test.c
+++ b/drivers/spi/spi-loopback-test.c
@@ -521,7 +521,8 @@  static int spi_test_check_elapsed_time(struct spi_device *spi,
 
 	for (i = 0; i < test->transfer_count; i++) {
 		struct spi_transfer *xfer = test->transfers + i;
-		unsigned long long nbits = BITS_PER_BYTE * xfer->len;
+		unsigned long long nbits = (unsigned long long)BITS_PER_BYTE *
+					   xfer->len;
 
 		delay_usecs += xfer->delay_usecs;
 		if (!xfer->speed_hz)