* [PATCH] ASoC: Fix UBSAN warning at snd_soc_get/put_volsw_sx()
@ 2018-09-10 17:33 Rohit kumar
2018-09-10 18:26 ` Takashi Iwai
0 siblings, 1 reply; 4+ messages in thread
From: Rohit kumar @ 2018-09-10 17:33 UTC (permalink / raw)
To: lgirdwood, broonie, perex, tiwai, alsa-devel, linux-kernel,
rohkumar
Cc: Rohit kumar
In functions snd_soc_get_volsw_sx() or snd_soc_put_volsw_sx(),
if the result of (min + max) is negative, then fls() returns
signed integer with value as 32. This leads to signed integer
overflow as complete operation is considered as signed integer.
UBSAN: Undefined behaviour in sound/soc/soc-ops.c:382:50
signed integer overflow:
-2147483648 - 1 cannot be represented in type 'int'
Call trace:
[<ffffff852f746fe4>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffff852f746fe4>] dump_stack+0xec/0x158 lib/dump_stack.c:51
[<ffffff852f7b5f3c>] ubsan_epilogue+0x18/0x50 lib/ubsan.c:164
[<ffffff852f7b6840>] handle_overflow+0xf8/0x130 lib/ubsan.c:195
[<ffffff852f7b68f0>] __ubsan_handle_sub_overflow+0x34/0x44 lib/ubsan.c:211
[<ffffff85307971a0>] snd_soc_get_volsw_sx+0x1a8/0x1f8 sound/soc/soc-ops.c:382
Typecast the operation to unsigned int to fix the issue.
Signed-off-by: Rohit kumar <rohitkr@codeaurora.org>
---
sound/soc/soc-ops.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c
index 592efb3..f8e3190 100644
--- a/sound/soc/soc-ops.c
+++ b/sound/soc/soc-ops.c
@@ -373,7 +373,7 @@ int snd_soc_get_volsw_sx(struct snd_kcontrol *kcontrol,
unsigned int rshift = mc->rshift;
int max = mc->max;
int min = mc->min;
- unsigned int mask = (1 << (fls(min + max) - 1)) - 1;
+ unsigned int mask = ((unsigned int)(1 << (fls(min + max) - 1)) - 1);
unsigned int val;
int ret;
@@ -418,7 +418,7 @@ int snd_soc_put_volsw_sx(struct snd_kcontrol *kcontrol,
unsigned int rshift = mc->rshift;
int max = mc->max;
int min = mc->min;
- unsigned int mask = (1 << (fls(min + max) - 1)) - 1;
+ unsigned int mask = ((unsigned int)(1 << (fls(min + max) - 1)) - 1);
int err = 0;
unsigned int val, val_mask, val2 = 0;
--
Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc.,
is a member of Code Aurora Forum, a Linux Foundation Collaborative Project.
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] ASoC: Fix UBSAN warning at snd_soc_get/put_volsw_sx()
2018-09-10 17:33 [PATCH] ASoC: Fix UBSAN warning at snd_soc_get/put_volsw_sx() Rohit kumar
@ 2018-09-10 18:26 ` Takashi Iwai
0 siblings, 0 replies; 4+ messages in thread
From: Takashi Iwai @ 2018-09-10 18:26 UTC (permalink / raw)
To: Rohit kumar; +Cc: rohkumar, alsa-devel, linux-kernel, lgirdwood, broonie
On Mon, 10 Sep 2018 19:33:56 +0200,
Rohit kumar wrote:
>
> In functions snd_soc_get_volsw_sx() or snd_soc_put_volsw_sx(),
> if the result of (min + max) is negative, then fls() returns
> signed integer with value as 32. This leads to signed integer
> overflow as complete operation is considered as signed integer.
>
> UBSAN: Undefined behaviour in sound/soc/soc-ops.c:382:50
> signed integer overflow:
> -2147483648 - 1 cannot be represented in type 'int'
> Call trace:
> [<ffffff852f746fe4>] __dump_stack lib/dump_stack.c:15 [inline]
> [<ffffff852f746fe4>] dump_stack+0xec/0x158 lib/dump_stack.c:51
> [<ffffff852f7b5f3c>] ubsan_epilogue+0x18/0x50 lib/ubsan.c:164
> [<ffffff852f7b6840>] handle_overflow+0xf8/0x130 lib/ubsan.c:195
> [<ffffff852f7b68f0>] __ubsan_handle_sub_overflow+0x34/0x44 lib/ubsan.c:211
> [<ffffff85307971a0>] snd_soc_get_volsw_sx+0x1a8/0x1f8 sound/soc/soc-ops.c:382
>
> Typecast the operation to unsigned int to fix the issue.
>
> Signed-off-by: Rohit kumar <rohitkr@codeaurora.org>
> ---
> sound/soc/soc-ops.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c
> index 592efb3..f8e3190 100644
> --- a/sound/soc/soc-ops.c
> +++ b/sound/soc/soc-ops.c
> @@ -373,7 +373,7 @@ int snd_soc_get_volsw_sx(struct snd_kcontrol *kcontrol,
> unsigned int rshift = mc->rshift;
> int max = mc->max;
> int min = mc->min;
> - unsigned int mask = (1 << (fls(min + max) - 1)) - 1;
> + unsigned int mask = ((unsigned int)(1 << (fls(min + max) - 1)) - 1);
Cat it be simpler like below instead?
unsigned int mask = (1U << (fls(min + max) - 1)) - 1;
thanks,
Takashi
> unsigned int val;
> int ret;
>
> @@ -418,7 +418,7 @@ int snd_soc_put_volsw_sx(struct snd_kcontrol *kcontrol,
> unsigned int rshift = mc->rshift;
> int max = mc->max;
> int min = mc->min;
> - unsigned int mask = (1 << (fls(min + max) - 1)) - 1;
> + unsigned int mask = ((unsigned int)(1 << (fls(min + max) - 1)) - 1);
> int err = 0;
> unsigned int val, val_mask, val2 = 0;
>
> --
> Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc.,
> is a member of Code Aurora Forum, a Linux Foundation Collaborative Project.
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] ASoC: Fix UBSAN warning at snd_soc_get/put_volsw_sx()
@ 2018-09-10 18:26 ` Takashi Iwai
0 siblings, 0 replies; 4+ messages in thread
From: Takashi Iwai @ 2018-09-10 18:26 UTC (permalink / raw)
To: Rohit kumar; +Cc: alsa-devel, lgirdwood, broonie, perex, rohkumar, linux-kernel
On Mon, 10 Sep 2018 19:33:56 +0200,
Rohit kumar wrote:
>
> In functions snd_soc_get_volsw_sx() or snd_soc_put_volsw_sx(),
> if the result of (min + max) is negative, then fls() returns
> signed integer with value as 32. This leads to signed integer
> overflow as complete operation is considered as signed integer.
>
> UBSAN: Undefined behaviour in sound/soc/soc-ops.c:382:50
> signed integer overflow:
> -2147483648 - 1 cannot be represented in type 'int'
> Call trace:
> [<ffffff852f746fe4>] __dump_stack lib/dump_stack.c:15 [inline]
> [<ffffff852f746fe4>] dump_stack+0xec/0x158 lib/dump_stack.c:51
> [<ffffff852f7b5f3c>] ubsan_epilogue+0x18/0x50 lib/ubsan.c:164
> [<ffffff852f7b6840>] handle_overflow+0xf8/0x130 lib/ubsan.c:195
> [<ffffff852f7b68f0>] __ubsan_handle_sub_overflow+0x34/0x44 lib/ubsan.c:211
> [<ffffff85307971a0>] snd_soc_get_volsw_sx+0x1a8/0x1f8 sound/soc/soc-ops.c:382
>
> Typecast the operation to unsigned int to fix the issue.
>
> Signed-off-by: Rohit kumar <rohitkr@codeaurora.org>
> ---
> sound/soc/soc-ops.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c
> index 592efb3..f8e3190 100644
> --- a/sound/soc/soc-ops.c
> +++ b/sound/soc/soc-ops.c
> @@ -373,7 +373,7 @@ int snd_soc_get_volsw_sx(struct snd_kcontrol *kcontrol,
> unsigned int rshift = mc->rshift;
> int max = mc->max;
> int min = mc->min;
> - unsigned int mask = (1 << (fls(min + max) - 1)) - 1;
> + unsigned int mask = ((unsigned int)(1 << (fls(min + max) - 1)) - 1);
Cat it be simpler like below instead?
unsigned int mask = (1U << (fls(min + max) - 1)) - 1;
thanks,
Takashi
> unsigned int val;
> int ret;
>
> @@ -418,7 +418,7 @@ int snd_soc_put_volsw_sx(struct snd_kcontrol *kcontrol,
> unsigned int rshift = mc->rshift;
> int max = mc->max;
> int min = mc->min;
> - unsigned int mask = (1 << (fls(min + max) - 1)) - 1;
> + unsigned int mask = ((unsigned int)(1 << (fls(min + max) - 1)) - 1);
> int err = 0;
> unsigned int val, val_mask, val2 = 0;
>
> --
> Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc.,
> is a member of Code Aurora Forum, a Linux Foundation Collaborative Project.
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [alsa-devel] [PATCH] ASoC: Fix UBSAN warning at snd_soc_get/put_volsw_sx()
2018-09-10 18:26 ` Takashi Iwai
(?)
@ 2018-09-11 9:26 ` Rohit Kumar
-1 siblings, 0 replies; 4+ messages in thread
From: Rohit Kumar @ 2018-09-11 9:26 UTC (permalink / raw)
To: Takashi Iwai; +Cc: rohkumar, alsa-devel, linux-kernel, lgirdwood, broonie
Thanks Takashi for reviewing.
On 9/10/2018 11:56 PM, Takashi Iwai wrote:
> On Mon, 10 Sep 2018 19:33:56 +0200,
> Rohit kumar wrote:
>> In functions snd_soc_get_volsw_sx() or snd_soc_put_volsw_sx(),
>> if the result of (min + max) is negative, then fls() returns
>> signed integer with value as 32. This leads to signed integer
>> overflow as complete operation is considered as signed integer.
>>
>> UBSAN: Undefined behaviour in sound/soc/soc-ops.c:382:50
>> signed integer overflow:
>> -2147483648 - 1 cannot be represented in type 'int'
>> Call trace:
>> [<ffffff852f746fe4>] __dump_stack lib/dump_stack.c:15 [inline]
>> [<ffffff852f746fe4>] dump_stack+0xec/0x158 lib/dump_stack.c:51
>> [<ffffff852f7b5f3c>] ubsan_epilogue+0x18/0x50 lib/ubsan.c:164
>> [<ffffff852f7b6840>] handle_overflow+0xf8/0x130 lib/ubsan.c:195
>> [<ffffff852f7b68f0>] __ubsan_handle_sub_overflow+0x34/0x44 lib/ubsan.c:211
>> [<ffffff85307971a0>] snd_soc_get_volsw_sx+0x1a8/0x1f8 sound/soc/soc-ops.c:382
>>
>> Typecast the operation to unsigned int to fix the issue.
>>
>> Signed-off-by: Rohit kumar <rohitkr@codeaurora.org>
>> ---
>> sound/soc/soc-ops.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c
>> index 592efb3..f8e3190 100644
>> --- a/sound/soc/soc-ops.c
>> +++ b/sound/soc/soc-ops.c
>> @@ -373,7 +373,7 @@ int snd_soc_get_volsw_sx(struct snd_kcontrol *kcontrol,
>> unsigned int rshift = mc->rshift;
>> int max = mc->max;
>> int min = mc->min;
>> - unsigned int mask = (1 << (fls(min + max) - 1)) - 1;
>> + unsigned int mask = ((unsigned int)(1 << (fls(min + max) - 1)) - 1);
> Cat it be simpler like below instead?
> unsigned int mask = (1U << (fls(min + max) - 1)) - 1;
Yes, let me just update it.
>
> thanks,
>
> Takashi
>
>> unsigned int val;
>> int ret;
>>
>> @@ -418,7 +418,7 @@ int snd_soc_put_volsw_sx(struct snd_kcontrol *kcontrol,
>> unsigned int rshift = mc->rshift;
>> int max = mc->max;
>> int min = mc->min;
>> - unsigned int mask = (1 << (fls(min + max) - 1)) - 1;
>> + unsigned int mask = ((unsigned int)(1 << (fls(min + max) - 1)) - 1);
>> int err = 0;
>> unsigned int val, val_mask, val2 = 0;
>>
>> --
>> Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc.,
>> is a member of Code Aurora Forum, a Linux Foundation Collaborative Project.
>>
>>
> _______________________________________________
> Alsa-devel mailing list
> Alsa-devel@alsa-project.org
> http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
Thanks,
Rohit
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-09-11 9:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-09-10 17:33 [PATCH] ASoC: Fix UBSAN warning at snd_soc_get/put_volsw_sx() Rohit kumar
2018-09-10 18:26 ` Takashi Iwai
2018-09-10 18:26 ` Takashi Iwai
2018-09-11 9:26 ` [alsa-devel] " Rohit Kumar
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.