On Tue, Sep 13, 2016 at 04:27:57PM +0800, Haibo Chen wrote:
Suspicious implicit sign extension exist. ext_csd[] is defined as "u8", capacity is defined as u64, so u8 is promoted to signed int first int the "|" expersion, then the sign extended to u64. if the tmp sign value is largeer than 0x7fffffff, after the sign extension, the upper bits of the result will all be 1. Thanks to coverity http://www.coverity.com
e.g. u8 data_8; u64 data_64;
data_8 = 0x80; data_64 = data_8 << 24; //0xffffffff80000000 data_64 = ((u64)data_8) << 24; //0x80000000
Signed-off-by: Haibo Chen haibo.chen@nxp.com
Please add a 'Reported-by: Coverity' and you can include the CID if you like.
drivers/mmc/mmc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c index 43ea0bb..c1d1dc6 100644 --- a/drivers/mmc/mmc.c +++ b/drivers/mmc/mmc.c @@ -1176,10 +1176,10 @@ static int mmc_startup(struct mmc *mmc) * ext_csd's capacity is valid if the value is more * than 2GB */
capacity = ext_csd[EXT_CSD_SEC_CNT] << 0| ext_csd[EXT_CSD_SEC_CNT + 1] << 8| ext_csd[EXT_CSD_SEC_CNT + 2] << 16| ext_csd[EXT_CSD_SEC_CNT + 3] << 24;
capacity = ((u64)ext_csd[EXT_CSD_SEC_CNT]) << 0| ((u64)ext_csd[EXT_CSD_SEC_CNT + 1]) << 8| ((u64)ext_csd[EXT_CSD_SEC_CNT + 2]) << 16| ((u64)ext_csd[EXT_CSD_SEC_CNT + 3]) << 24; capacity *= MMC_MAX_BLOCK_LEN; if ((capacity >> 20) > 2 * 1024) mmc->capacity_user = capacity;
Can't we just move capacity down to a u8 instead? Thanks!