Thread (4 messages) 4 messages, 4 authors, 2021-05-10

Re: [PATCH] iio: tsl2583: Fix division by a zero lux_val

From: Dan Carpenter <hidden>
Date: 2021-05-10 07:00:11
Also in: linux-iio, lkml

On Sat, May 08, 2021 at 10:01:14AM -0700, Joe Perches wrote:
On Sat, 2021-05-08 at 17:12 +0100, Jonathan Cameron wrote:
quoted
On Fri,  7 May 2021 19:30:41 +0100 Colin King [off-list ref] wrote:
[]
quoted
quoted
The lux_val returned from tsl2583_get_lux can potentially be zero,
so check for this to avoid a division by zero and an overflowed
gain_trim_val.
[]
quoted
quoted
Fixes: ac4f6eee8fe8 ("staging: iio: TAOS tsl258x: Device driver")
Signed-off-by: Colin Ian King <redacted>
Definitely looks like it could happen so applied to the fixes-togreg branch of
iio.git and marked for stable.
[]
quoted
quoted
diff --git a/drivers/iio/light/tsl2583.c b/drivers/iio/light/tsl2583.c
[]
quoted
quoted
@@ -341,6 +341,14 @@ static int tsl2583_als_calibrate(struct iio_dev *indio_dev)
 		return lux_val;
 	}

+	/* Avoid division by zero of lux_value later on */
+	if (lux_val == 0) {
+		dev_err(&chip->client->dev,
+			"%s: lux_val of 0 will produce out of range trim_value\n",
+			__func__);
+		return -ENODATA;
+	}
+
 	gain_trim_val = (unsigned int)(((chip->als_settings.als_cal_target)
 			* chip->als_settings.als_gain_trim) / lux_val);
Is a multiplication overflow possible here?
These are chip->foo values and they ought to be trustworthy.

Of course, in real life, they can be set to INT_MAX in
in_illuminance_input_target_store() and tsl2583_write_raw so they can
overflow...  Anyway, if we were going to add a check it would be at
the point where we get the number from the user and before we save it
to chip->

regards,
dan carpenter
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help