diff options
| author | Peter Chen <peter.chen@nxp.com> | 2020-10-22 08:55:03 +0800 |
|---|---|---|
| committer | Peter Chen <peter.chen@nxp.com> | 2020-10-29 18:01:47 +0800 |
| commit | 5fca3f062879f8e5214c56f3e3e2be6727900f5d (patch) | |
| tree | 934a9a535a2296abe338900967de74aee6a7a1b3 /usr | |
| parent | defe40af1a7143a0538d7c3e87224459eea0a877 (diff) | |
| download | linux-5fca3f062879f8e5214c56f3e3e2be6727900f5d.tar.bz2 | |
usb: cdns3: gadget: suspicious implicit sign extension
The code:
trb->length = cpu_to_le32(TRB_BURST_LEN(priv_ep->trb_burst_size)
| TRB_LEN(length));
TRB_BURST_LEN(priv_ep->trb_burst_size) may be overflow for int 32 if
priv_ep->trb_burst_size is equal or larger than 0x80;
Below is the Coverity warning:
sign_extension: Suspicious implicit sign extension: priv_ep->trb_burst_size
with type u8 (8 bits, unsigned) is promoted in priv_ep->trb_burst_size << 24
to type int (32 bits, signed), then sign-extended to type unsigned long
(64 bits, unsigned). If priv_ep->trb_burst_size << 24 is greater than 0x7FFFFFFF,
the upper bits of the result will all be 1.
To fix it, it needs to add an explicit cast to unsigned int type for ((p) << 24).
Reviewed-by: Jun Li <jun.li@nxp.com>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
Diffstat (limited to 'usr')
0 files changed, 0 insertions, 0 deletions