be32_to_cpu() macro in some cases may be expanded to an expression that evaluates its arguments multiple times. Because of the decrement in argument it has unexpected result in such cases. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx> Fixes: 7613636def82 ("[CRYPTO] api: Add crypto_inc and crypto_xor") --- crypto/algapi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/algapi.c b/crypto/algapi.c index 5c69ff8e8fa5..18f14aed1658 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -987,7 +987,8 @@ void crypto_inc(u8 *a, unsigned int size) if (IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) || IS_ALIGNED((unsigned long)b, __alignof__(*b))) for (; size >= 4; size -= 4) { - c = be32_to_cpu(*--b) + 1; + b--; + c = be32_to_cpu(*b) + 1; *b = cpu_to_be32(c); if (likely(c)) return; -- 2.7.4