On 2021/08/30 22:00, Dan Carpenter wrote:
quoted
quoted
diff --git a/drivers/video/fbdev/vga16fb.c b/drivers/video/fbdev/vga16fb.c
index e2757ff1c23d..e483a3f5fd47 100644
--- a/drivers/video/fbdev/vga16fb.c
+++ b/drivers/video/fbdev/vga16fb.c
@@ -403,7 +403,7 @@ static int vga16fb_check_var(struct fb_var_screeninfo *var,
if (yres > vyres)
vyres = yres;
- if (vxres * vyres > maxmem) {
+ if ((u64) vxres * vyres > (u64) maxmem) {
Mindlessly changing the sizes is not the solution.
Please use e.g. the array_size() helper from <linux/overflow.h>
instead.
On a 64bit system the array_size() macro is going to do the exact same
casts? But I do think this code would be easier to understand if the
integer overflow check were pull out separately and done first:
if (array_size(vxres, vyres) >= UINT_MAX)
return -EINVAL;
This is wrong. array_size() returns ULONG_MAX on 64bits upon overflow and
returns UINT_MAX on 32bits upon overflow. However, UINT_MAX is a valid
value without overflow (e.g. vxres == UINT_MAX / 15 && vyres == 15).
Comparing like "> (u64) UINT_MAX" is to detect only overflow.
array_size() would be helpful for forcing memory allocation to fail
(instead of allocating smaller than actually required).
if (vxres * vyres > maxmem) {
...
The UINT_MAX is because vxres and vyres are u32.
This would maybe be the first time anyone ever did an integer overflow
check like this in the kernel. It's a new idiom.
regards,
dan carpenter