[PATCH] gadget: f_thor: fix wrong file size cast

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] gadget: f_thor: fix wrong file size cast

Seung-Woo Kim
Casting 32bit int value directly into 64bit unsigned type causes
wrong value for file size equal or larger than 2GB. Fix the wrong
file size by casting uint32_t first.

Fixes: commit 1fe9ae76b113 ("gadget: f_thor: update to support more than 4GB file as thor 5.0")
Reported-by: Junghoon Kim <[hidden email]>
Signed-off-by: Seung-Woo Kim <[hidden email]>
---
 drivers/usb/gadget/f_thor.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/usb/gadget/f_thor.c b/drivers/usb/gadget/f_thor.c
index 88fc87f2e9..559ffb759e 100644
--- a/drivers/usb/gadget/f_thor.c
+++ b/drivers/usb/gadget/f_thor.c
@@ -266,8 +266,8 @@ static long long int process_rqt_download(const struct rqt_box *rqt)
 
  switch (rqt->rqt_data) {
  case RQT_DL_INIT:
- thor_file_size = (unsigned long long int)rqt->int_data[0] +
- (((unsigned long long int)rqt->int_data[1])
+ thor_file_size = (uint64_t)(uint32_t)rqt->int_data[0] +
+ (((uint64_t)(uint32_t)rqt->int_data[1])
   << 32);
  debug("INIT: total %llu bytes\n", thor_file_size);
  break;
@@ -280,8 +280,8 @@ static long long int process_rqt_download(const struct rqt_box *rqt)
  break;
  }
 
- thor_file_size = (unsigned long long int)rqt->int_data[1] +
- (((unsigned long long int)rqt->int_data[2])
+ thor_file_size = (uint64_t)(uint32_t)rqt->int_data[1] +
+ (((uint64_t)(uint32_t)rqt->int_data[2])
   << 32);
  memcpy(f_name, rqt->str_data[0], F_NAME_BUF_SIZE);
  f_name[F_NAME_BUF_SIZE] = '\0';
--
2.19.2

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] gadget: f_thor: fix wrong file size cast

Jaehoon Chung
On 10/16/20 4:29 PM, Seung-Woo Kim wrote:
> Casting 32bit int value directly into 64bit unsigned type causes
> wrong value for file size equal or larger than 2GB. Fix the wrong
> file size by casting uint32_t first.
>
> Fixes: commit 1fe9ae76b113 ("gadget: f_thor: update to support more than 4GB file as thor 5.0")
> Reported-by: Junghoon Kim <[hidden email]>
> Signed-off-by: Seung-Woo Kim <[hidden email]>

Reviewed-by: Jaehoon Chung <[hidden email]>

Best Regards,
Jaehoon Chung

> ---
>  drivers/usb/gadget/f_thor.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/usb/gadget/f_thor.c b/drivers/usb/gadget/f_thor.c
> index 88fc87f2e9..559ffb759e 100644
> --- a/drivers/usb/gadget/f_thor.c
> +++ b/drivers/usb/gadget/f_thor.c
> @@ -266,8 +266,8 @@ static long long int process_rqt_download(const struct rqt_box *rqt)
>  
>   switch (rqt->rqt_data) {
>   case RQT_DL_INIT:
> - thor_file_size = (unsigned long long int)rqt->int_data[0] +
> - (((unsigned long long int)rqt->int_data[1])
> + thor_file_size = (uint64_t)(uint32_t)rqt->int_data[0] +
> + (((uint64_t)(uint32_t)rqt->int_data[1])
>    << 32);
>   debug("INIT: total %llu bytes\n", thor_file_size);
>   break;
> @@ -280,8 +280,8 @@ static long long int process_rqt_download(const struct rqt_box *rqt)
>   break;
>   }
>  
> - thor_file_size = (unsigned long long int)rqt->int_data[1] +
> - (((unsigned long long int)rqt->int_data[2])
> + thor_file_size = (uint64_t)(uint32_t)rqt->int_data[1] +
> + (((uint64_t)(uint32_t)rqt->int_data[2])
>    << 32);
>   memcpy(f_name, rqt->str_data[0], F_NAME_BUF_SIZE);
>   f_name[F_NAME_BUF_SIZE] = '\0';
>