authorIgor Artemiev <[email protected]>2024-09-27 18:07:19 +0300
committerAlex Deucher <[email protected]>2024-10-01 17:41:09 -0400
commita1e2da6a5072f8abe5b0feaa91a5bcd9dc544a04 (patch)
tree0918aae467a14ffe96db9436be9a292389382b7e
parenta3f4060e3733bb0b40438ddbdd01a4c8f48c594d (diff)
drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
It is possible, although unlikely, that an integer overflow will occur when the result of radeon_get_ib_value() is shifted to the left. Avoid it by casting one of the operands to a larger data type (u64). Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Signed-off-by: Igor Artemiev <[email protected]> Signed-off-by: Alex Deucher <[email protected]>
-rw-r--r--drivers/gpu/drm/radeon/r600_cs.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/gpu/drm/radeon/r600_cs.c b/drivers/gpu/drm/radeon/r600_cs.c
index 1b2d31c4d77c..ac77d1246b94 100644
--- a/drivers/gpu/drm/radeon/r600_cs.c
+++ b/drivers/gpu/drm/radeon/r600_cs.c
@@ -2104,7 +2104,7 @@ static int r600_packet3_check(struct radeon_cs_parser *p,
return -EINVAL;
}
- offset = radeon_get_ib_value(p, idx+1) << 8;
+ offset = (u64)radeon_get_ib_value(p, idx+1) << 8;
if (offset != track->vgt_strmout_bo_offset[idx_value]) {
DRM_ERROR("bad STRMOUT_BASE_UPDATE, bo offset does not match: 0x%llx, 0x%x\n",
offset, track->vgt_strmout_bo_offset[idx_value]);
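Review bot: The comparison directly after the widened shift still appears to have a 32-bit right-hand side, judging by the `0x%x` used for `track->vgt_strmout_bo_offset[idx_value]` in the DRM_ERROR call, so the two operands no longer have the same width. If that tracked offset is filled in elsewhere with an unwidened `<< 8` (not visible in this hunk), any user-supplied dword with bits set in its top byte will now always take this mismatch branch. That fails closed, which is the safe direction for a command-stream checker, but the tracking side should be audited and widened so both ends agree on the full offset. A short comment on the new line would keep the cast from being "cleaned up" later, e.g. `/* IB dword is 32-bit; widen before << 8 so the top byte is not lost */`. r600_packet3_check() starts and ends outside the hunk.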