If width and height are 0xffff (or close), the result of
multiplication overflow. Add casting to a larger type
to avoid undefined behavior.
Such values are possible in CODA7, but unlikely.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 918c66fd4126 ("[media] coda: add CODA7541 decoding support")
Signed-off-by: Anastasia Belova <abelova@xxxxxxxxxxxxx>
---
drivers/media/platform/chips-media/coda/coda-bit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/chips-media/coda/coda-bit.c b/drivers/media/platform/chips-media/coda/coda-bit.c
index ed47d5bd8d61..84ded154adfe 100644
--- a/drivers/media/platform/chips-media/coda/coda-bit.c
+++ b/drivers/media/platform/chips-media/coda/coda-bit.c
@@ -585,7 +585,7 @@ static int coda_alloc_context_buffers(struct coda_ctx *ctx,
if (!ctx->slicebuf.vaddr && q_data->fourcc == V4L2_PIX_FMT_H264) {
/* worst case slice size */
- size = (DIV_ROUND_UP(q_data->rect.width, 16) *
+ size = (unsigned long)(DIV_ROUND_UP(q_data->rect.width, 16) *
DIV_ROUND_UP(q_data->rect.height, 16)) * 3200 / 8 + 512;
ret = coda_alloc_context_buf(ctx, &ctx->slicebuf, size,
"slicebuf");
--
2.30.2
