misc: xilinx_sdfec: Prevent integer overflow in xsdfec_table_write()

The checking here needs to handle integer overflows because "offset" and "len" come from the user. Fixes: 20ec628e ("misc: xilinx_sdfec: Add ability to configure LDPC") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Dragan Cvetic <dragan.cvetic@xilinx.com> Link: https://lore.kernel.org/r/20190821071122.GD26957@mwandaSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

misc: xilinx_sdfec: Prevent integer overflow in xsdfec_table_write()
The checking here needs to handle integer overflows because "offset" and "len" come from the user. Fixes: 20ec628e ("misc: xilinx_sdfec: Add ability to configure LDPC") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Dragan Cvetic <dragan.cvetic@xilinx.com> Link: https://lore.kernel.org/r/20190821071122.GD26957@mwandaSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
6123f1fe · Dan Carpenter · Greg Kroah-Hartman · 56a635c0 · 6123f1fe
Commit 6123f1fe authored Aug 21, 2019 by Dan Carpenter Committed by Greg Kroah-Hartman Aug 22, 2019
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

drivers/misc/xilinx_sdfec.c drivers/misc/xilinx_sdfec.c +3 -1

No files found.
--- a/drivers/misc/xilinx_sdfec.c
+++ b/drivers/misc/xilinx_sdfec.c
@@ -611,7 +611,9 @@ static int xsdfec_table_write(struct xsdfec_dev *xsdfec, u32 offset,
 	 * Writes that go beyond the length of
 	 * Shared Scale(SC) table should fail
 	 */
-	if ((XSDFEC_REG_WIDTH_JUMP * (offset + len)) > depth) {
+	if (offset > depth / XSDFEC_REG_WIDTH_JUMP ||
+	    len > depth / XSDFEC_REG_WIDTH_JUMP ||
+	    offset + len > depth / XSDFEC_REG_WIDTH_JUMP) {
 		dev_dbg(xsdfec->dev, "Write exceeds SC table length");
 		return -EINVAL;
 	}