spi: loopback-test: fix potential integer overflow on multiple

A multiplication of 8U * xfer-len with the type of a 32 bit unsigned int is evaluated using 32 bit arithmetic and then used in a context that expects an expression of type unsigned long long (64 bits). Avoid any potential overflow by casting BITS_PER_BYTE to unsigned long long. Detected by CoverityScan, CID#1419691 ("Unintentional integer overflow") Fixes: ea9936f3 ("spi: loopback-test: add elapsed time check") Signed-off-by: N Colin Ian King <colin.king@canonical.com> Signed-off-by: N Mark Brown <broonie@kernel.org>

spi: loopback-test: fix potential integer overflow on multiple
A multiplication of 8U * xfer-len with the type of a 32 bit unsigned int is evaluated using 32 bit arithmetic and then used in a context that expects an expression of type unsigned long long (64 bits). Avoid any potential overflow by casting BITS_PER_BYTE to unsigned long long. Detected by CoverityScan, CID#1419691 ("Unintentional integer overflow") Fixes: ea9936f3 ("spi: loopback-test: add elapsed time check") Signed-off-by: N Colin Ian King <colin.king@canonical.com> Signed-off-by: N Mark Brown <broonie@kernel.org>
d2c14c64 · Colin Ian King · Mark Brown · 8687113e · d2c14c64
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

drivers/spi/spi-loopback-test.c drivers/spi/spi-loopback-test.c +2 -1

未找到文件。
--- a/drivers/spi/spi-loopback-test.c
+++ b/drivers/spi/spi-loopback-test.c
@@ -508,7 +508,8 @@ static int spi_test_check_elapsed_time(struct spi_device *spi,

 	for (i = 0; i < test->transfer_count; i++) {
 		struct spi_transfer *xfer = test->transfers + i;
-		unsigned long long nbits = BITS_PER_BYTE * xfer->len;
+		unsigned long long nbits = (unsigned long long)BITS_PER_BYTE *
+					   xfer->len;

 		delay_usecs += xfer->delay_usecs;
 		if (!xfer->speed_hz)