From patchwork Sun Jun 7 14:30:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Umang Jain X-Patchwork-Id: 3979 Return-Path: Received: from o1.f.az.sendgrid.net (o1.f.az.sendgrid.net [208.117.55.132]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id DB45F61626 for ; Sun, 7 Jun 2020 16:30:20 +0200 (CEST) Authentication-Results: lancelot.ideasonboard.com; dkim=pass (1024-bit key; unprotected) header.d=uajain.com header.i=@uajain.com header.b="ilUeU8Yt"; dkim-atps=neutral DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uajain.com; h=from:subject:in-reply-to:references:mime-version:to:cc: content-transfer-encoding:content-type; s=s1; bh=TBjKum+DY72wRVegSwltHxRqXC6J1KGz1NRSRIej3YA=; b=ilUeU8YtnH9Hm/d93w7cqE3Ub6v05B/h962j3OLBHket7cQ+c26OPakAl6YHH9yXJ2gx AoGe2JU9ZBMUIpZZjVYcC70oct4vYkKaajRNb6Nu9ibwk2FhUL6xumhoiBzLYVAIpb+yES M+u7+LM4bNcFOzxDNXEc82oFuteyzNxVY= Received: by filter0135p3las1.sendgrid.net with SMTP id filter0135p3las1-9010-5EDCF9FA-1E7 2020-06-07 14:30:18.733685738 +0000 UTC m=+400000.314394105 Received: from mail.uajain.com (unknown) by ismtpd0004p1maa1.sendgrid.net (SG) with ESMTP id hZX9YxZ2QLakbeVOk4GZ1A Sun, 07 Jun 2020 14:30:18.366 +0000 (UTC) From: Umang Jain Date: Sun, 07 Jun 2020 14:30:18 +0000 (UTC) Message-Id: <20200607143012.17752-3-email@uajain.com> In-Reply-To: <20200607143012.17752-1-email@uajain.com> References: <20200607143012.17752-1-email@uajain.com> Mime-Version: 1.0 X-SG-EID: 1Q40EQ7YGir8a9gjSIAdTjhngY657NMk9ckeo4dbHZDiOpywc/L3L9rFqlwE4KPcAl6MTtKrYqN2BGXS9ZDVMf59817yL7+3nHWtUAHR16ne0RQ/mUc/NqTkjCEkd4+DGgj+PD3r5a3rDZOXWMtKRFLnYILa6UC3bnQ8P6hJpXmdvr3TSOLz3jLmvSOR51R92r8OXVUboaIHWmksjTjZXoG/OpGi1c8GL7EwSbFK4Ytdb3/oHKCNGMXxSRsnOHOR To: laurent.pinchart@ideasonboard.com, libcamera-devel@lists.libcamera.org, kieran.bingham@ideasonboard.com Subject: [libcamera-devel] [PATCH v3 2/2] libcamera: ipa_module: Fix implicit sign-extension in elfSection X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Jun 2020 14:30:22 -0000 Given how the elfSection() is used the sub-expression (idx * eHdr->e_shentsize) it has effectively two (16 bits, unsigned) operands. The sub-expression is promoted to type int (32 bits, signed) for multiplication and then added to eHdr->e_shoff, which is uint32_t on 32-bit platforms and uint64_t on 64-bit platforms. Since eHdr->e_shoff is unsigned, the integer conversion rules dictates that the other signed operand(i.e. the resultant of aforementioned sub-expression) will be converted to unsigned type too. This causes sign-extension for both of the above operands to match eHdr->e_shoff's type and should be avoided. The solution is to explicitly cast one of the operands of the sub-expression with unsigned int type. Hence, the other operand will be integer promoted and the resultant will also be of unsigned int type, not requiring to bother about a sign-extension. Reported-by: Coverity CID=280008 Reported-by: Coverity CID=280009 Reported-by: Coverity CID=280010 Signed-off-by: Umang Jain Reviewed-by: Kieran Bingham Reviewed-by: Laurent Pinchart --- src/libcamera/ipa_module.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libcamera/ipa_module.cpp b/src/libcamera/ipa_module.cpp index 60aaa34..72e357e 100644 --- a/src/libcamera/ipa_module.cpp +++ b/src/libcamera/ipa_module.cpp @@ -93,7 +93,8 @@ ElfW(Shdr) *elfSection(Span elf, ElfW(Ehdr) *eHdr, ElfW(Half) idx) if (idx >= eHdr->e_shnum) return nullptr; - off_t offset = eHdr->e_shoff + idx * eHdr->e_shentsize; + off_t offset = eHdr->e_shoff + idx * + static_cast(eHdr->e_shentsize); return elfPointer(elf, offset); }