This is an automatic generated email to let you know that the following patch
were queued:
Subject: media: coda: cast an operand of multiplication to a larger type
Author: Anastasia Belova <abel...@astralinux.ru>
Date: Mon Feb 5 18:23:50 2024 +0300
If the width and height are 0xffff (or close), the result of a
multiplication will overflow.
Cast to a larger type to avoid undefined behavior.
Such values are possible in CODA7, but unlikely.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 918c66fd4126 ("[media] coda: add CODA7541 decoding support")
Signed-off-by: Anastasia Belova <abel...@astralinux.ru>
Signed-off-by: Sebastian Fricke <sebastian.fri...@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-ci...@xs4all.nl>
drivers/media/platform/chips-media/coda/coda-bit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
---
diff --git a/drivers/media/platform/chips-media/coda/coda-bit.c
b/drivers/media/platform/chips-media/coda/coda-bit.c
index ed47d5bd8d61..84ded154adfe 100644
--- a/drivers/media/platform/chips-media/coda/coda-bit.c
+++ b/drivers/media/platform/chips-media/coda/coda-bit.c
@@ -585,7 +585,7 @@ static int coda_alloc_context_buffers(struct coda_ctx *ctx,
if (!ctx->slicebuf.vaddr && q_data->fourcc == V4L2_PIX_FMT_H264) {
/* worst case slice size */
- size = (DIV_ROUND_UP(q_data->rect.width, 16) *
+ size = (unsigned long)(DIV_ROUND_UP(q_data->rect.width, 16) *
DIV_ROUND_UP(q_data->rect.height, 16)) * 3200 / 8 + 512;
ret = coda_alloc_context_buf(ctx, &ctx->slicebuf, size,
"slicebuf");
