On Fri, 27 Dec 2024 at 10:55, Тигран Согомонян
wrote:
>
> 27/12/24 01:49, Alex Bennée wrote:
> > Tigran Sogomonian writes:
> >
> >> s->buswidth = nand_flash_ids[s->chip_id].width >> 3;
> >> <= 16 >> 3 <= 2.
> >> x <= s->ioaddr[offset] << (s->buswidth << 3)
> >> <= max_uint8_t << 16
> >> With x <<
27/12/24 01:49, Alex Bennée wrote:
Tigran Sogomonian writes:
s->buswidth = nand_flash_ids[s->chip_id].width >> 3;
<= 16 >> 3 <= 2.
x <= s->ioaddr[offset] << (s->buswidth << 3)
<= max_uint8_t << 16
With x << 24 overflow is possible.
Other cases are similar.
Thus, need to cast return value to ui
Tigran Sogomonian writes:
> s->buswidth = nand_flash_ids[s->chip_id].width >> 3;
> <= 16 >> 3 <= 2.
> x <= s->ioaddr[offset] << (s->buswidth << 3)
> <= max_uint8_t << 16
> With x << 24 overflow is possible.
> Other cases are similar.
> Thus, need to cast return value to uint64_t.
>
> Found by Lin
s->buswidth = nand_flash_ids[s->chip_id].width >> 3;
<= 16 >> 3 <= 2.
x <= s->ioaddr[offset] << (s->buswidth << 3)
<= max_uint8_t << 16
With x << 24 overflow is possible.
Other cases are similar.
Thus, need to cast return value to uint64_t.
Found by Linux Verification Center (linuxtesting.org) wit
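
Added example (not code from the patch or from QEMU): the commit message's point is that a uint8_t operand is promoted to int before the shift, so a byte shifted by 24 can reach the sign bit and the value is sign-extended when it is returned as uint64_t. The sketch below models that int-typed result with explicit casts, so the demo itself stays free of undefined behaviour, and compares it with the operand widened first. The names shift_as_int, shift_as_u64 and assemble and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Models the un-cast expression: the uint8_t operand is promoted to int, so
 * the shift result is a signed 32-bit value. The wrap is written with
 * explicit casts to show the sign-extended value typically observed. */
static uint64_t shift_as_int(uint8_t byte, unsigned shift)
{
    int32_t as_int = (int32_t)((uint32_t)byte << shift); /* bit 31 is the sign */
    return (uint64_t)as_int;                             /* sign-extends to 64 bits */
}

/* Hardened form: widen the operand before shifting, as the message proposes. */
static uint64_t shift_as_u64(uint8_t byte, unsigned shift)
{
    return (uint64_t)byte << shift;
}

/* Hypothetical helper: OR together `width` bytes (1..4), byte i at bit 8*i. */
static uint64_t assemble(const uint8_t *io, unsigned width,
                         uint64_t (*shl)(uint8_t, unsigned))
{
    uint64_t x = 0;
    for (unsigned i = 0; i < width; i++) {
        x |= shl(io[i], i << 3);
    }
    return x;
}

int main(void)
{
    const uint8_t io[4] = { 0x11, 0x22, 0x33, 0x80 }; /* constructed sample */

    /* Shifts of 0, 8 and 16 fit in int; the byte at shift 24 does not. */
    printf("int-typed shift: 0x%016llx\n",
           (unsigned long long)assemble(io, 4, shift_as_int));
    printf("uint64_t shift:  0x%016llx\n",
           (unsigned long long)assemble(io, 4, shift_as_u64));
    return 0;
}
```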