Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
mlx5: Fix potential arithmetic overflow
Fix potential arithmetic overflow by converting byte_count's type to uint64_t. Prior to this conversion the temporary calculation of byte_count * repeat_count was done in 32-bit arithmetic and could overflow, thus resulting in an incorrect value stored in reglen, which is uint64_t. The following coverity check revealed it: Error: OVERFLOW_BEFORE_WIDEN (CWE-190): rdma-core-28.0/providers/mlx5/qp.c:2137: overflow_before_widen: Potentially overflowing expression "byte_count * repeat_count" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned). rdma-core-28.0/providers/mlx5/qp.c:2137: remediation: To avoid overflow, cast either "byte_count" or "repeat_count" to type "uint64_t". # 2135| # 2136| rb->byte_count = htobe32(byte_count); # 2137|-> *reglen = byte_count * repeat_count; # 2138| # 2139| tmp = align(num_interleaved + 1, 4) - num_interleaved - 1; Fixes: 75ed7a9 ("mlx5: Introduce mlx5dv_wr_mr_interleaved post send builder") Signed-off-by: Avihai Horon <avihaih@mellanox.com> Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
- Loading branch information