On Fri, 16 Aug 2019 09:28:35 +0300 Alexandru Ardelean <alexandru.ardelean@xxxxxxxxxx> wrote: > Caught via static-analysis checker: > ``` > drivers/iio/imu/adis16460.c > 152 static int adis16460_set_freq(struct iio_dev *indio_dev, int val, int val2) > 153 { > 154 struct adis16460 *st = iio_priv(indio_dev); > 155 unsigned int t; > ^^^^^^^^^^^^^^ > > 156 > 157 t = val * 1000 + val2 / 1000; > 158 if (t <= 0) > ^^^^^^ > Unsigned is not less than zero. > ``` > > The types of `val` && `val2` are obtained from the IIO `write_raw` hook, so > userspace can provide negative values, which can cause weird behavior after > conversion to unsigned. > > This patch changes the sign of variable `t` so that -EINVAL will be > returned for negative values as well. > > Fixes: db6ed4d23dd1 ("iio: imu: Add support for the ADIS16460 IMU") > Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > Signed-off-by: Alexandru Ardelean <alexandru.ardelean@xxxxxxxxxx> Applied to the togreg branch of iio.git and pushed out as testing for the autobuilders to play with it. Thanks, Jonathan > --- > drivers/iio/imu/adis16460.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/iio/imu/adis16460.c b/drivers/iio/imu/adis16460.c > index 1ef11640ee20..6aed9e84abbf 100644 > --- a/drivers/iio/imu/adis16460.c > +++ b/drivers/iio/imu/adis16460.c > @@ -152,7 +152,7 @@ static int adis16460_debugfs_init(struct iio_dev *indio_dev) > static int adis16460_set_freq(struct iio_dev *indio_dev, int val, int val2) > { > struct adis16460 *st = iio_priv(indio_dev); > - unsigned int t; > + int t; > > t = val * 1000 + val2 / 1000; > if (t <= 0)
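Review bot: In `adis16460_set_freq()`, the sign check still runs only on the sum `t = val * 1000 + val2 / 1000`, so with `int t` a negative `val` or `val2` paired with a larger positive counterpart (for example `val = -1`, `val2 = 2000000`, giving `t = 1000`) still passes `if (t <= 0)`, and a large `val` overflows the signed multiplication `val * 1000` before the check is reached. Consider rejecting the inputs individually before the arithmetic, e.g. `if (val < 0 || val2 < 0) return -EINVAL;`, and bounding `val` so that `val * 1000` cannot exceed `INT_MAX`. The rest of the function is not visible in this hunk, so whether a later range check on `t` exists cannot be confirmed from these lines.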