From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Dan Carpenter <dan.carpenter@linaro.org>,
Ricardo Ribalda <ribalda@chromium.org>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 026/102] media: dvb-frontends: tda10048: Fix integer overflow
Date: Tue, 9 Jul 2024 13:09:49 +0200 [thread overview]
Message-ID: <20240709110652.387038523@linuxfoundation.org> (raw)
In-Reply-To: <20240709110651.353707001@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ricardo Ribalda <ribalda@chromium.org>
[ Upstream commit 1aa1329a67cc214c3b7bd2a14d1301a795760b07 ]
state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer
when multiplied by pll_mfactor.
Create a new 64 bit variable to hold the calculations.
Link: https://lore.kernel.org/linux-media/20240429-fix-cocci-v3-25-3c4865f5a4b0@chromium.org
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-frontends/tda10048.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/media/dvb-frontends/tda10048.c b/drivers/media/dvb-frontends/tda10048.c
index f6d8a64762b99..907e786c5e10b 100644
--- a/drivers/media/dvb-frontends/tda10048.c
+++ b/drivers/media/dvb-frontends/tda10048.c
@@ -410,6 +410,7 @@ static int tda10048_set_if(struct dvb_frontend *fe, u32 bw)
struct tda10048_config *config = &state->config;
int i;
u32 if_freq_khz;
+ u64 sample_freq;
dprintk(1, "%s(bw = %d)\n", __func__, bw);
@@ -451,9 +452,11 @@ static int tda10048_set_if(struct dvb_frontend *fe, u32 bw)
dprintk(1, "- pll_pfactor = %d\n", state->pll_pfactor);
/* Calculate the sample frequency */
- state->sample_freq = state->xtal_hz * (state->pll_mfactor + 45);
- state->sample_freq /= (state->pll_nfactor + 1);
- state->sample_freq /= (state->pll_pfactor + 4);
+ sample_freq = state->xtal_hz;
+ sample_freq *= state->pll_mfactor + 45;
+ do_div(sample_freq, state->pll_nfactor + 1);
+ do_div(sample_freq, state->pll_pfactor + 4);
+ state->sample_freq = sample_freq;
dprintk(1, "- sample_freq = %d\n", state->sample_freq);
/* Update the I/F */
--
2.43.0
next prev parent reply other threads:[~2024-07-09 11:30 UTC|newest]
Thread overview: 120+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-09 11:09 [PATCH 6.1 000/102] 6.1.98-rc1 review Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 001/102] locking/mutex: Introduce devm_mutex_init() Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 002/102] crypto: hisilicon/debugfs - Fix debugfs uninit process issue Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 003/102] drm/lima: fix shared irq handling on driver remove Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 004/102] powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 005/102] media: dvb: as102-fe: Fix as10x_register_addr packing Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 006/102] media: dvb-usb: dib0700_devices: Add missing release_firmware() Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 007/102] IB/core: Implement a limit on UMAD receive List Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 008/102] scsi: qedf: Make qedf_execute_tmf() non-preemptible Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 009/102] irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Greg Kroah-Hartman
2024-07-09 12:05 ` Zenghui Yu
2024-07-11 9:36 ` Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 010/102] crypto: aead,cipher - zeroize key buffer after use Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 011/102] drm/amdgpu: Fix uninitialized variable warnings Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 012/102] drm/amdgpu: Initialize timestamp for some legacy SOCs Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 013/102] drm/amd/display: Check index msg_id before read or write Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 014/102] drm/amd/display: Check pipe offset before setting vblank Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 015/102] drm/amd/display: Skip finding free audio for unknown engine_id Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 016/102] drm/amdgpu: fix uninitialized scalar variable warning Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 017/102] media: dw2102: Dont translate i2c read into write Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 018/102] sctp: prefer struct_size over open coded arithmetic Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 019/102] firmware: dmi: Stop decoding on broken entry Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 020/102] Input: ff-core - prefer struct_size over open coded arithmetic Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 021/102] usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 022/102] wifi: mt76: replace skb_put with skb_put_zero Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 023/102] net: dsa: mv88e6xxx: Correct check for empty list Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 024/102] media: dvb-frontends: tda18271c2dd: Remove casting during div Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 025/102] media: s2255: Use refcount_t instead of atomic_t for num_channels Greg Kroah-Hartman
2024-07-09 11:09 ` Greg Kroah-Hartman [this message]
2024-07-09 11:09 ` [PATCH 6.1 027/102] i2c: i801: Annotate apanel_addr as __ro_after_init Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 028/102] powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 029/102] orangefs: fix out-of-bounds fsid access Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 030/102] kunit: Fix timeout message Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 031/102] kunit: Handle test faults Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 032/102] powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 033/102] igc: fix a log entry using uninitialized netdev Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 034/102] bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 035/102] f2fs: check validation of fault attrs in f2fs_build_fault_attr() Greg Kroah-Hartman
2024-07-09 11:09 ` [PATCH 6.1 036/102] scsi: mpi3mr: Sanitise num_phys Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 037/102] serial: imx: Raise TX trigger level to 8 Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 038/102] jffs2: Fix potential illegal address access in jffs2_free_inode Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 039/102] s390: Mark psw in __load_psw_mask() as __unitialized Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 040/102] s390/pkey: Wipe sensitive data on failure Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 041/102] btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation warning Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 042/102] cdrom: rearrange last_media_change check to avoid unintentional overflow Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 043/102] tools/power turbostat: Remember global max_die_id Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 044/102] mac802154: fix time calculation in ieee802154_configure_durations() Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 045/102] UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 046/102] net/mlx5: E-switch, Create ingress ACL when needed Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 047/102] net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 048/102] tcp_metrics: validate source addr length Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 049/102] KVM: s390: fix LPSWEY handling Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 050/102] e1000e: Fix S0ix residency on corporate systems Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 051/102] net: allow skb_datagram_iter to be called from any context Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 052/102] net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 053/102] wifi: wilc1000: fix ies_len type in connect path Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 054/102] riscv: kexec: Avoid deadlock in kexec crash path Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 055/102] netfilter: nf_tables: unconditionally flush pending work before notifier Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 056/102] bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 057/102] selftests: fix OOM in msg_zerocopy selftest Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 058/102] selftests: make order checking verbose " Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 059/102] inet_diag: Initialize pad field in struct inet_diag_req_v2 Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 060/102] mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 061/102] platform/x86: toshiba_acpi: Fix quickstart quirk handling Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 062/102] Revert "igc: fix a log entry using uninitialized netdev" Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 063/102] nilfs2: fix inode number range checks Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 064/102] nilfs2: add missing check for inode numbers on directory entries Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 065/102] mm: optimize the redundant loop of mm_update_owner_next() Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 066/102] mm: avoid overflows in dirty throttling logic Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 067/102] btrfs: fix adding block group to a reclaim list and the unused list during reclaim Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 068/102] f2fs: Add inline to f2fs_build_fault_attr() stub Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 069/102] scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 070/102] Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 071/102] can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 072/102] fsnotify: Do not generate events for O_PATH file descriptors Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 073/102] Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 074/102] drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 075/102] drm/amdgpu/atomfirmware: silence UBSAN warning Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 076/102] drm: panel-orientation-quirks: Add quirk for Valve Galileo Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 077/102] powerpc/pseries: Fix scv instruction crash with kexec Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 078/102] mtd: rawnand: Ensure ECC configuration is propagated to upper layers Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 079/102] mtd: rawnand: Bypass a couple of sanity checks during NAND identification Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 080/102] mtd: rawnand: rockchip: ensure NVDDR timings are rejected Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 081/102] bnx2x: Fix multiple UBSAN array-index-out-of-bounds Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 082/102] arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 083/102] ima: Avoid blocking in RCU read-side critical section Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 084/102] media: dw2102: fix a potential buffer overflow Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 085/102] clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 086/102] clk: mediatek: clk-mtk: Register MFG notifier in mtk_clk_simple_probe() Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 087/102] clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 088/102] i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 089/102] fs/ntfs3: Mark volume as dirty if xattr is broken Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 090/102] ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 091/102] nvme-multipath: find NUMA path only for online numa-node Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 092/102] dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 093/102] nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 094/102] regmap-i2c: Subtract reg size from max_write Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 095/102] platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet Greg Kroah-Hartman
2024-07-09 11:10 ` [PATCH 6.1 096/102] platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro Greg Kroah-Hartman
2024-07-09 11:11 ` [PATCH 6.1 097/102] nvmet: fix a possible leak when destroy a ctrl during qp establishment Greg Kroah-Hartman
2024-07-09 11:11 ` [PATCH 6.1 098/102] kbuild: fix short log for AS in link-vmlinux.sh Greg Kroah-Hartman
2024-07-09 11:11 ` [PATCH 6.1 099/102] nfc/nci: Add the inconsistency check between the input data length and count Greg Kroah-Hartman
2024-07-09 11:11 ` [PATCH 6.1 100/102] spi: cadence: Ensure data lines set to low during dummy-cycle period Greg Kroah-Hartman
2024-07-09 11:11 ` [PATCH 6.1 101/102] null_blk: Do not allow runt zone with zone capacity smaller then zone size Greg Kroah-Hartman
2024-07-09 11:11 ` [PATCH 6.1 102/102] nilfs2: fix incorrect inode allocation from reserved inodes Greg Kroah-Hartman
2024-07-09 18:41 ` [PATCH 6.1 000/102] 6.1.98-rc1 review SeongJae Park
2024-07-09 19:38 ` Pavel Machek
2024-07-09 19:56 ` Kelsey Steele
2024-07-09 20:27 ` Peter Schneider
2024-07-09 21:37 ` Mark Brown
2024-07-09 23:27 ` Shuah Khan
2024-07-10 8:34 ` Jon Hunter
2024-07-10 9:18 ` Shreeya Patel
2024-07-10 13:06 ` Ron Economos
2024-07-10 13:17 ` Yann Sionneau
2024-07-10 15:40 ` Naresh Kamboju
2024-07-11 9:43 ` Greg Kroah-Hartman
2024-07-11 11:18 ` Pavel Machek
2024-07-11 11:20 ` Pavel Machek
2024-07-12 17:05 ` Florian Fainelli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240709110652.387038523@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dan.carpenter@linaro.org \
--cc=mchehab@kernel.org \
--cc=patches@lists.linux.dev \
--cc=ribalda@chromium.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).