From: Greg KH <gregkh@linuxfoundation.org>
To: Peter Huewe <peterhuewe@gmx.de>
Cc: Ashley Lai <ashley@ashleylai.com>,
Rajiv Andrade <mail@srajiv.net>,
Marcel Selhorst <tpmdd@selhorst.net>,
tpmdd-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH] tpm/tpm_i2c_stm_st33: Check return code of get_burstcount (fix CID: 986658)
Date: Tue, 29 Oct 2013 17:06:18 -0700
Message-ID: <20131030000618.GA5241@kroah.com>
In-Reply-To: <1383090860-15901-1-git-send-email-peterhuewe@gmx.de>

On Wed, Oct 30, 2013 at 12:54:20AM +0100, Peter Huewe wrote:
> Coverity complains about
> "Improper use of negative value
> The negative value may be unexpected by later operations, causing
> incorrect computations.
> In tpm_stm_i2c_send: Negative value can be returned from function is not
> being checked before being used improperly (CWE-394)"
>
> The 'get_burstcount' function can in some circumstances 'return -EBUSY' which
> in tpm_stm_i2c_send is stored in an 'u32 burstcnt'
> thus converting the signed value into an unsigned value, resulting
> in 'burstcnt' being huge.
> Changing the type to u32 only does not solve the problem as the signed
> value is converted to an unsigned in I2C_WRITE_DATA, resulting in the
> same effect.
>
> Thus
> -> Change type of burstcnt to u32 (the return type of get_burstcount)
> -> Add a check for the return value of 'get_burstcount' and propagate a
> potential error.
>
> This also makes sense in the 'I2C_READ_DATA' case, where there is no
> signed/unsigned conversion.
>
> CID: 986658

What is this field for?

thanks,
greg k-h
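
The conversion described in the quoted commit message, as an added example that is not part of the original e-mail or the kernel driver: a negative error code stored in an unsigned variable becomes a huge count, while a checked call propagates the error. `sim_get_burstcount`, `CHIP_FIFO` and both `first_chunk_*` helpers are hypothetical names for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHIP_FIFO 8 /* constructed value: bytes the simulated chip takes per burst */

/* Hypothetical stand-in for get_burstcount(): a count, or -EBUSY. */
static int sim_get_burstcount(int chip_busy)
{
    return chip_busy ? -EBUSY : CHIP_FIFO;
}

/* Unchecked pattern: the return value lands in an unsigned variable, so
 * -EBUSY wraps to a huge count and no longer limits the chunk size.
 * Returns the size of the first chunk the caller would try to write. */
static uint32_t first_chunk_unchecked(int chip_busy, uint32_t len)
{
    uint32_t burstcnt = sim_get_burstcount(chip_busy); /* implicit int -> u32 */
    return len < burstcnt ? len : burstcnt;
}

/* Checked pattern: hold the return value in a signed variable, test it,
 * and propagate the error before any size is computed from it. */
static int first_chunk_checked(int chip_busy, uint32_t len, uint32_t *chunk)
{
    int burstcnt = sim_get_burstcount(chip_busy);
    if (burstcnt < 0)
        return burstcnt; /* -EBUSY goes back to the caller */
    *chunk = len < (uint32_t)burstcnt ? len : (uint32_t)burstcnt;
    return 0;
}

int main(void)
{
    uint32_t chunk = 0;
    int rc;

    printf("idle, unchecked: chunk=%u\n", first_chunk_unchecked(0, 64));
    printf("busy, unchecked: chunk=%u\n", first_chunk_unchecked(1, 64));
    rc = first_chunk_checked(1, 64, &chunk);
    printf("busy, checked:   rc=%d chunk=%u\n", rc, chunk);
    return 0;
}
```

In the busy case the unchecked helper asks for the full 64-byte buffer in one chunk, past the simulated chip's 8-byte burst limit, because the wrapped value never wins the minimum.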