From: Bin Meng Date: Sat, 2 Sep 2017 15:15:36 +0000 (-0700) Subject: nvme: Fix potential sign extension issue in nvme_blk_rw() X-Git-Url: http://git.dujemihanovic.xyz/login.html?a=commitdiff_plain;h=52a5690efb034c16e1a81b4124c55aa27e3e0138;p=u-boot.git nvme: Fix potential sign extension issue in nvme_blk_rw() "lbas" with type "u16" (16 bits, unsigned) is promoted in "lbas << ns->lba_shift" to type "int" (32 bits, signed), then sign-extended to type "unsigned long long" (64 bits, unsigned). If "lbas << ns->lba_shift" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Fix it by casting "lbas" to "u32". Reported-by: Coverity (CID: 166730) Signed-off-by: Bin Meng Reviewed-by: Tom Rini --- diff --git a/drivers/nvme/nvme.c b/drivers/nvme/nvme.c index 4448754aca..59d54eb93e 100644 --- a/drivers/nvme/nvme.c +++ b/drivers/nvme/nvme.c @@ -723,7 +723,7 @@ static ulong nvme_blk_rw(struct udevice *udev, lbaint_t blknr, &c, NULL, IO_TIMEOUT); if (status) break; - temp_len -= lbas << ns->lba_shift; + temp_len -= (u32)lbas << ns->lba_shift; buffer += lbas << ns->lba_shift; }