From: Antti Palosaari <crope@iki.fi>
Date: Sat, 5 Apr 2014 20:23:41 +0000 (-0300)
Subject: [media] msi001: fix possible integer overflow
X-Git-Tag: v3.15-rc1~13^2~22
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=82932d4cff46627bc1a693893326400aab5f8967;p=karo-tx-linux.git

[media] msi001: fix possible integer overflow

Coverity CID 1196502: Unintentional integer overflow
(OVERFLOW_BEFORE_WIDEN)

Potentially overflowing expression "(f_rf + f_if + f_if1) * lo_div"
with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit
arithmetic before being used in a context which expects an expression
of type "u64" (64 bits, unsigned). To avoid overflow, cast either
operand to "u64" before performing the multiplication.

Reported-by: <scan-admin@coverity.com>
Signed-off-by: Antti Palosaari <crope@iki.fi>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
---

diff --git a/drivers/staging/media/msi3101/msi001.c b/drivers/staging/media/msi3101/msi001.c
index ac43bae10102..bd0b93cb6c53 100644
--- a/drivers/staging/media/msi3101/msi001.c
+++ b/drivers/staging/media/msi3101/msi001.c
@@ -201,7 +201,7 @@ static int msi001_set_tuner(struct msi001 *s)
 	dev_dbg(&s->spi->dev, "%s: bandwidth selected=%d\n",
 			__func__, bandwidth_lut[i].freq);
 
-	f_vco = (f_rf + f_if + f_if1) * lo_div;
+	f_vco = (u64) (f_rf + f_if + f_if1) * lo_div;
 	tmp64 = f_vco;
 	m = do_div(tmp64, F_REF * R_REF);
 	n = (unsigned int) tmp64;