From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
To: Fabio Estevam <festevam@gmail.com>
Cc: Bart Van Assche <bvanassche@acm.org>,
linux-media <linux-media@vger.kernel.org>
Subject: Re: UBSAN: shift-out-of-bounds in drivers/media/usb/uvc/uvc_ctrl.c:781
Date: Wed, 19 Aug 2020 02:54:06 +0300 [thread overview]
Message-ID: <20200818235406.GE2360@pendragon.ideasonboard.com> (raw)
In-Reply-To: <CAOMZO5BhURkMW9Syw88OzuXGroqWAa+0fhttQqTT6GdRknX+Xg@mail.gmail.com>
Hello,
On Tue, Aug 18, 2020 at 02:58:22PM -0300, Fabio Estevam wrote:
> Hi Bart/Laurent,
>
> On Tue, Aug 18, 2020 at 2:41 PM Bart Van Assche <bvanassche@acm.org> wrote:
> >
> > Hi,
> >
> > This morning I installed a debug build of kernel v5.8.1 on my laptop.
> > The complaint shown below appeared in the kernel log. Is this a known
> > issue?
> >
> > ================================================================================
> > UBSAN: shift-out-of-bounds in drivers/media/usb/uvc/uvc_ctrl.c:781:13
> > shift exponent -7 is negative
>
> Should we fix it like this?
>
> --- a/drivers/media/usb/uvc/uvc_ctrl.c
> +++ b/drivers/media/usb/uvc/uvc_ctrl.c
> @@ -778,7 +778,7 @@ static s32 uvc_get_le_value(struct
> uvc_control_mapping *mapping,
> value |= offset > 0 ? (byte >> offset) : (byte << (-offset));
> bits -= 8 - (offset > 0 ? offset : 0);
> offset -= 8;
> - mask = (1 << bits) - 1;
> + mask = (1LL << bits) - 1;
> }
No, the issue is that bits is equal to -7, 1LL won't change that.
Once bits become negative, the loop stops, and the mask value isn't used
afterwards. This would only cause an issue if a shift with a negative
value generated side effects (such as a trap for instance) on top of
producing an incorrect result. Can this happen ? I suppose we should
silence the warning even if it's a false positive, as it doesn't look
good in the kernel log.
--
Regards,
Laurent Pinchart
next prev parent reply other threads:[~2020-08-18 23:54 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-18 17:39 UBSAN: shift-out-of-bounds in drivers/media/usb/uvc/uvc_ctrl.c:781 Bart Van Assche
2020-08-18 17:58 ` Fabio Estevam
2020-08-18 23:54 ` Laurent Pinchart [this message]
2020-08-19 0:03 ` [PATCH] media: uvc: Silence shift-out-of-bounds warning Laurent Pinchart
2020-08-20 3:25 ` Bart Van Assche
2020-08-20 10:37 ` Laurent Pinchart
2020-08-20 15:38 ` Bart Van Assche
2020-08-19 0:17 ` UBSAN: shift-out-of-bounds in drivers/media/usb/uvc/uvc_ctrl.c:781 Fabio Estevam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200818235406.GE2360@pendragon.ideasonboard.com \
--to=laurent.pinchart@ideasonboard.com \
--cc=bvanassche@acm.org \
--cc=festevam@gmail.com \
--cc=linux-media@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).