mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-18 16:44:33 +00:00
usb: cdns3: gadget: suspicious implicit sign extension
The code: trb->length = cpu_to_le32(TRB_BURST_LEN(priv_ep->trb_burst_size) | TRB_LEN(length)); TRB_BURST_LEN(priv_ep->trb_burst_size) may be overflow for int 32 if priv_ep->trb_burst_size is equal or larger than 0x80; Below is the Coverity warning: sign_extension: Suspicious implicit sign extension: priv_ep->trb_burst_size with type u8 (8 bits, unsigned) is promoted in priv_ep->trb_burst_size << 24 to type int (32 bits, signed), then sign-extended to type unsigned long (64 bits, unsigned). If priv_ep->trb_burst_size << 24 is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. To fix it, it needs to add an explicit cast to unsigned int type for ((p) << 24). Reviewed-by: Jun Li <jun.li@nxp.com> Signed-off-by: Peter Chen <peter.chen@nxp.com>
This commit is contained in:
Peter Chen
parent
defe40af1a
commit
5fca3f0628
1 changed files with 1 additions and 1 deletions
|
|
@ -1072,7 +1072,7 @@ struct cdns3_trb {
|
|||
#define TRB_TDL_SS_SIZE_GET(p) (((p) & GENMASK(23, 17)) >> 17)
|
||||
|
||||
/* transfer_len bitmasks - bits 31:24 */
|
||||
#define TRB_BURST_LEN(p) (((p) << 24) & GENMASK(31, 24))
|
||||
#define TRB_BURST_LEN(p) ((unsigned int)((p) << 24) & GENMASK(31, 24))
|
||||
#define TRB_BURST_LEN_GET(p) (((p) & GENMASK(31, 24)) >> 24)
|
||||
|
||||
/* Data buffer pointer bitmasks*/
|
||||
|
|
|
|||
Loading…
Reference in a new issue