[U-Boot] [PATCH 2/3] nvme: Fix potential sign extension issue in nvme_blk_rw()

Bin Meng Sat, 02 Sep 2017 08:12:08 -0700

"lbas" with type "u16" (16 bits, unsigned) is promoted in
"lbas << ns->lba_shift" to type "int" (32 bits, signed), then
sign-extended to type "unsigned long long" (64 bits, unsigned).
If "lbas << ns->lba_shift" is greater than 0x7FFFFFFF, the upper
bits of the result will all be 1.


Fix it by casting "lbas" to "u32".

Reported-by: Coverity (CID: 166730)
Signed-off-by: Bin Meng <[email protected]>
---

 drivers/nvme/nvme.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nvme/nvme.c b/drivers/nvme/nvme.c
index 4448754..59d54eb 100644
--- a/drivers/nvme/nvme.c
+++ b/drivers/nvme/nvme.c
@@ -723,7 +723,7 @@ static ulong nvme_blk_rw(struct udevice *udev, lbaint_t 
blknr,
                                &c, NULL, IO_TIMEOUT);
                if (status)
                        break;
-               temp_len -= lbas << ns->lba_shift;
+               temp_len -= (u32)lbas << ns->lba_shift;
                buffer += lbas << ns->lba_shift;
        }
 
-- 
2.9.2

_______________________________________________
U-Boot mailing list
[email protected]
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 2/3] nvme: Fix potential sign extension issue in nvme_blk_rw()

Reply via email to