From: Vincent BENAYOUN <vincent.benayoun@trust-in-soft.com>
Date: Thu, 13 Nov 2014 12:47:26 +0000 (+0100)
Subject: inetdevice: fixed signed integer overflow
X-Git-Tag: firefly_0821_release~3679^2~1123
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=07729b8d98ea785c58acf3272fe875e44daeb260;p=firefly-linux-kernel-4.4.55.git

inetdevice: fixed signed integer overflow

[ Upstream commit 84bc88688e3f6ef843aa8803dbcd90168bb89faf ]

There could be a signed overflow in the following code.

The expression, (32-logmask) is comprised between 0 and 31 included.
It may be equal to 31.
In such a case the left shift will produce a signed integer overflow.
According to the C99 Standard, this is an undefined behavior.
A simple fix is to replace the signed int 1 with the unsigned int 1U.

Signed-off-by: Vincent BENAYOUN <vincent.benayoun@trust-in-soft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h
index ea1e3b863890..770ecc90993b 100644
--- a/include/linux/inetdevice.h
+++ b/include/linux/inetdevice.h
@@ -261,7 +261,7 @@ static inline void in_dev_put(struct in_device *idev)
 static __inline__ __be32 inet_make_mask(int logmask)
 {
 	if (logmask)
-		return htonl(~((1<<(32-logmask))-1));
+		return htonl(~((1U<<(32-logmask))-1));
 	return 0;
 }