[libcamera-devel] [PATCH] libcamera: ipa_module: Fix implicit sign-extension in eflLoadSymbol

Umang Jain email at uajain.com
Fri Jun 5 09:49:00 CEST 2020 

This sub-expression of two (16 bits, unsigned) operands
	(targetSymbol->st_shndx * eHdr->e_shentsize)
is promoted to type int (32 bits, signed) for multiplication and then
added to eHdr->e_shoff, which is of the type long (64 bits, unsigned).
Since eHdr->e_shoff is unsigned, the integer conversion rules dictates
that the other signed operand(i.e. the resultant of aforementioned
sub-expression) will be converted to unsigned type too. This causes
sign-extension for both of the above operands to match eHdr->e_shoff's
type and should be avoided.

The solution is to explicitly cast one of the operands of the
sub-expression with unsigned int type. Hence, the other operand will be
integer promoted and the resultant will also be of unsigned int type,
not requiring to bother about a sign-extension.

Reported-by: Coverity CID=280008
Reported-by: Coverity CID=280009
Reported-by: Coverity CID=280010
Signed-off-by: Umang Jain <email at uajain.com>
---
 src/libcamera/ipa_module.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/libcamera/ipa_module.cpp b/src/libcamera/ipa_module.cpp
index 91534b6..dd7538b 100644
--- a/src/libcamera/ipa_module.cpp
+++ b/src/libcamera/ipa_module.cpp
@@ -102,7 +102,8 @@ Span<uint8_t> elfLoadSymbol(Span<uint8_t> elf, const char *symbol)
 	if (!eHdr)
 		return {};
 
-	off_t offset = eHdr->e_shoff + eHdr->e_shentsize * eHdr->e_shstrndx;
+	off_t offset = eHdr->e_shoff + ((uint64_t)eHdr->e_shentsize *
+					eHdr->e_shstrndx);
 	ElfW(Shdr) *sHdr = elfPointer<ElfW(Shdr)>(elf, offset);
 	if (!sHdr)
 		return {};
@@ -167,7 +168,8 @@ Span<uint8_t> elfLoadSymbol(Span<uint8_t> elf, const char *symbol)
 	/* Locate and return data of symbol. */
 	if (targetSymbol->st_shndx >= eHdr->e_shnum)
 		return {};
-	offset = eHdr->e_shoff + targetSymbol->st_shndx * eHdr->e_shentsize;
+	offset = eHdr->e_shoff + ((uint64_t)targetSymbol->st_shndx *
+				  eHdr->e_shentsize);
 	sHdr = elfPointer<ElfW(Shdr)>(elf, offset);
 	if (!sHdr)
 		return {};
-- 
2.26.2

More information about the libcamera-devel mailing list