git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Peter Chen <peter.chen@nxp.com>
	Thu, 22 Oct 2020 00:55:03 +0000 (08:55 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 10 Nov 2020 11:39:07 +0000 (12:39 +0100)
commit	5f23480fd3e6d92015f15163c1090ab2d48e3fe2
tree	9c2677b19c1f3582288891cc50ab597ad4c35f54	tree \| snapshot
parent	b195d1d2dfc318443a5a7e3d4e16b0278d7e7ded	commit \| diff

usb: cdns3: gadget: suspicious implicit sign extension

[ Upstream commit 5fca3f062879f8e5214c56f3e3e2be6727900f5d ]

The code:
trb->length = cpu_to_le32(TRB_BURST_LEN(priv_ep->trb_burst_size)
| TRB_LEN(length));

TRB_BURST_LEN(priv_ep->trb_burst_size) may be overflow for int 32 if
priv_ep->trb_burst_size is equal or larger than 0x80;

Below is the Coverity warning:
sign_extension: Suspicious implicit sign extension: priv_ep->trb_burst_size
with type u8 (8 bits, unsigned) is promoted in priv_ep->trb_burst_size << 24
to type int (32 bits, signed), then sign-extended to type unsigned long
(64 bits, unsigned). If priv_ep->trb_burst_size << 24 is greater than 0x7FFFFFFF,
the upper bits of the result will all be 1.

To fix it, it needs to add an explicit cast to unsigned int type for ((p) << 24).

Reviewed-by: Jun Li <jun.li@nxp.com>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>