On Wed, Oct 30, 2013 at 12:54:20AM +0100, Peter Huewe wrote: > Coverity complains about > "Improper use of negative value > The negative value may be unexpected by later operations, causing > incorrect computations. > In tpm_stm_i2c_send: Negative value can be returned from function is not > being checked before being used improperly (CWE-394)" > > The 'get_burstcount' function can in some circumstances 'return -EBUSY' which > in tpm_stm_i2c_send is stored in an 'u32 burstcnt' > thus converting the signed value into an unsigned value, resulting > in 'burstcnt' being huge. > Changing the type to u32 only does not solve the problem as the signed > value is converted to an unsigned in I2C_WRITE_DATA, resulting in the > same effect. > > Thus > -> Change type of burstcnt to u32 (the return type of get_burstcount) > -> Add a check for the return value of 'get_burstcount' and propagate a > potential error. > > This makes also sense in the 'I2C_READ_DATA' case, where the there is no > signed/unsigned conversion. > > CID: 986658 What is this field for? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html