From patchwork Fri Jun 5 15:09:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Umang Jain X-Patchwork-Id: 3956 Return-Path: Received: from o1.f.az.sendgrid.net (o1.f.az.sendgrid.net [208.117.55.132]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id 7ED9661375 for ; Fri, 5 Jun 2020 17:09:17 +0200 (CEST) Authentication-Results: lancelot.ideasonboard.com; dkim=pass (1024-bit key; unprotected) header.d=uajain.com header.i=@uajain.com header.b="m8TXVf4c"; dkim-atps=neutral DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uajain.com; h=from:subject:in-reply-to:references:mime-version:to:cc: content-transfer-encoding:content-type; s=s1; bh=zb7xK6hgU4i0ysUPm9WZ7FU7whfeEvDMKcN/hMCRlY4=; b=m8TXVf4czO9SK0nCNvC99Ik9v1/xKxJi4GH/YbFhK54m5Lehpni2ivaodIFUq7MZDyJh VrQ2LwriWTVQaha5JY1QNYbD0w/fGtXsPgYRIlxQ3VMvXAsCMy+zOL+0XzI5DReBcrwLDb rZfK53KhcPBcLOMp8xRIHwuNwtfcK3CPY= Received: by filterdrecv-p3mdw1-6f5df8956d-k4m5j with SMTP id filterdrecv-p3mdw1-6f5df8956d-k4m5j-20-5EDA601B-10B 2020-06-05 15:09:16.217296695 +0000 UTC m=+154528.959643534 Received: from mail.uajain.com (unknown) by ismtpd0002p1maa1.sendgrid.net (SG) with ESMTP id TrrIha16RLWz6BbsMNMt1A Fri, 05 Jun 2020 15:09:15.860 +0000 (UTC) From: Umang Jain Date: Fri, 05 Jun 2020 15:09:16 +0000 (UTC) Message-Id: <20200605150858.116564-3-email@uajain.com> In-Reply-To: <20200605150858.116564-1-email@uajain.com> References: <20200605150858.116564-1-email@uajain.com> Mime-Version: 1.0 X-SG-EID: 1Q40EQ7YGir8a9gjSIAdTjhngY657NMk9ckeo4dbHZDiOpywc/L3L9rFqlwE4KPcYFho/XlHW4zrk5y9XrA/WkWG4sk/UCmhRlzualOiULxl5LXIQ4wsfqBXK+6696ZggFFnGBRpupFcbIySjmG0Q7Sdh6Az2uuaRnpCeKLLclwtiQk5BKyBpHBKcYn3JWyg4WrO+oeqHwZSKMGsBTEwXq4qzr3dWB2tBnvqkkn5o4g9uP3p8JInX2T1HTOSDNs5MWpo/Y5UCMtA6igzAwOomw== To: laurent.pinchart@ideasonboard.com, libcamera-devel@lists.libcamera.org Subject: [libcamera-devel] [PATCH v2 2/2] libcamera: ipa_module: Fix implicit sign-extension in elfSection X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2020 15:09:17 -0000 Given how the elfSection() is used, the sub-expression (idx * eHdr->e_shentsize) has effectively two (16 bits, unsigned) operands. The sub-expression is promoted to type int (32 bits, signed) for multiplication and then added to eHdr->e_shoff, which is uint32_t on 32-bit platforms and uint64_t on 64-bit platforms. Since eHdr->e_shoff is unsigned, the integer conversion rules dictates that the other signed operand(i.e. the resultant of aforementioned sub-expression) will be converted to unsigned type too. This causes sign-extension for both of the above operands to match eHdr->e_shoff's type and should be avoided. The solution is to explicitly cast one of the operands of the sub-expression with unsigned int type. Hence, the other operand will be integer promoted and the resultant will also be of unsigned int type, not requiring to bother about a sign-extension. Reported-by: Coverity CID=280008 Reported-by: Coverity CID=280009 Reported-by: Coverity CID=280010 Signed-off-by: Umang Jain Reviewed-by: Kieran Bingham --- src/libcamera/ipa_module.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libcamera/ipa_module.cpp b/src/libcamera/ipa_module.cpp index f54dd8b..d79151d 100644 --- a/src/libcamera/ipa_module.cpp +++ b/src/libcamera/ipa_module.cpp @@ -93,7 +93,8 @@ ElfW(Shdr) *elfSection(Span elf, ElfW(Ehdr) *eHdr, unsigned int idx) if (idx >= eHdr->e_shnum) return nullptr; - off_t offset = eHdr->e_shoff + idx * eHdr->e_shentsize; + off_t offset = eHdr->e_shoff + idx * + static_cast(eHdr->e_shentsize); return elfPointer(elf, offset); }