On 10/13/23 22:50, Sergey Shtylyov wrote:
In cfb_copyarea(), the local variable bits_per_line is needlessly typed as *unsigned long* -- which is a 32-bit type on the 32-bit arches and a 64-bit type on the 64-bit arches; that variable's value is derived from the __u32 typed fb_fix_screeninfo::line_length field (multiplied by 8u) and a 32-bit *unsigned int* type should still be enough to store the # of bits per line. Found by Linux Verification Center (linuxtesting.org) with the Svace static analysis tool. Signed-off-by: Sergey Shtylyov <s.shtylyov@xxxxxx>
applied both patches. Thanks! Helge
--- drivers/video/fbdev/core/cfbcopyarea.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/video/fbdev/core/cfbcopyarea.c b/drivers/video/fbdev/core/cfbcopyarea.c index 6d4bfeecee35..5b80bf3dae50 100644 --- a/drivers/video/fbdev/core/cfbcopyarea.c +++ b/drivers/video/fbdev/core/cfbcopyarea.c @@ -382,7 +382,7 @@ void cfb_copyarea(struct fb_info *p, const struct fb_copyarea *area) { u32 dx = area->dx, dy = area->dy, sx = area->sx, sy = area->sy; u32 height = area->height, width = area->width; - unsigned long const bits_per_line = p->fix.line_length*8u; + unsigned int const bits_per_line = p->fix.line_length * 8u; unsigned long __iomem *base = NULL; int bits = BITS_PER_LONG, bytes = bits >> 3; unsigned dst_idx = 0, src_idx = 0, rev_copy = 0;