[Bug Report] drivers/video/fbdev/da8xx-fb.c: undefined behavior when left shifting

Changming Liu liu.changm at northeastern.edu
Fri May 22 03:01:25 UTC 2020


Hi Bartlomiej,
Greetings, it's me again. I sent you a bug report yesterday; I hope it finds you well.

This time I found that in /drivers/video/fbdev/da8xx-fb.c,
in the function lcd_cfg_vertical_sync, there might be an undefined result from left shifting.

More specifically, in function lcd_cfg_vertical_sync, line 437, back_porch is a signed integer
which might come from user space, and it is logic ANDed with the string literal 0xff. The result is then left shifted by 24 bits.

The problem is that the logic AND produces a signed integer, and the result of left shifting this signed integer
(whose lowest 8 bits are not cleared) by 24 bits is undefined when its 8th bit is 1. Similar patterns can be found in line 410 as well.

I wonder if this bug is worth fixing? This can help me understand Linux and UB a lot.

Looking forward to your valuable response.

Best regards,
Changming Liu
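
The shift pattern described in the report above, as an added example that is not part of the original message and is not the driver's code: a signed int masked with 0xff and shifted left by 24, next to a form that converts to an unsigned type first. The function names are hypothetical and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed reduction of the pattern in the report: a signed int field
 * is masked to 8 bits and placed in bits 31:24 of a 32-bit register word.
 * Function names are hypothetical, not taken from da8xx-fb.c.
 * Assumes a 32-bit int. */

/* Reported form: (value & 0xff) has type int, so this is a signed shift.
 * Kept for comparison; only defined when the result fits in int. */
static int pack_signed(int value)
{
    return (value & 0xff) << 24;
}

/* Returns 1 when pack_signed(value) would be undefined, i.e. when
 * (value & 0xff) * 2^24 is not representable in int (bit 7 is set). */
static int shift_is_undefined(int value)
{
    return (value & 0xff) > (INT_MAX >> 24);
}

/* Hardened form: convert to an unsigned 32-bit type before masking and
 * shifting, so every 8-bit field value has a defined result. */
static uint32_t pack_unsigned(int value)
{
    return ((uint32_t)value & 0xffu) << 24;
}

int main(void)
{
    /* Constructed sample inputs, including values with bit 7 set. */
    const int samples[] = { 0, 1, 0x7f, 0x80, 0xff, -1, 0x1234 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int v = samples[i];
        printf("%6d: unsigned=0x%08x signed=", v, (unsigned)pack_unsigned(v));
        if (shift_is_undefined(v))
            puts("undefined (skipped)");
        else
            printf("0x%08x\n", (unsigned)pack_signed(v));
    }
    return 0;
}
```

Building the signed form with `-fsanitize=shift` (GCC or Clang) reports the out-of-range case at run time.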

