From 79d666247182b0e42560ab505c29173ca94bdbb0 Mon Sep 17 00:00:00 2001 From: Umang Jain Date: Sun, 7 Jun 2020 14:30:18 +0000 Subject: libcamera: ipa_module: Fix implicit sign-extension in elfSection Given how the elfSection() function uses the sub-expression (idx * eHdr->e_shentsize) it has effectively two (16 bits, unsigned) operands. The sub-expression is promoted to type int (32 bits, signed) for multiplication and then added to eHdr->e_shoff, which is uint32_t on 32-bit platforms and uint64_t on 64-bit platforms. Since eHdr->e_shoff is unsigned, the integer conversion rules dictate that the other signed operand (i.e. the result of aforementioned sub-expression) will be converted to unsigned type too. This causes sign-extension for both of the above operands to match eHdr->e_shoff's type and should be avoided. The solution is to explicitly cast one of the operands of the sub-expression with unsigned int type. Hence, the other operand will be integer promoted and the resultant will also be of unsigned int type, not requiring to bother about a sign-extension. Reported-by: Coverity CID=280008 Reported-by: Coverity CID=280009 Reported-by: Coverity CID=280010 Signed-off-by: Umang Jain Reviewed-by: Kieran Bingham Reviewed-by: Laurent Pinchart Signed-off-by: Laurent Pinchart --- src/libcamera/ipa_module.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/libcamera/ipa_module.cpp') diff --git a/src/libcamera/ipa_module.cpp b/src/libcamera/ipa_module.cpp index 60aaa344..72e357ec 100644 --- a/src/libcamera/ipa_module.cpp +++ b/src/libcamera/ipa_module.cpp @@ -93,7 +93,8 @@ ElfW(Shdr) *elfSection(Span elf, ElfW(Ehdr) *eHdr, ElfW(Half) idx) if (idx >= eHdr->e_shnum) return nullptr; - off_t offset = eHdr->e_shoff + idx * eHdr->e_shentsize; + off_t offset = eHdr->e_shoff + idx * + static_cast(eHdr->e_shentsize); return elfPointer(elf, offset); } -- cgit v1.2.1