Sat Jan 23 17:02:25 2016 UTC ()
Convert unsigned char to wider type before left shift.

Avoids undefined behaviour if shifted quantity overflows int.

CID 980971


(riastradh)
diff -r1.42 -r1.43 src/sys/dev/usb/hid.c
cvs diff -r1.42 -r1.43 src/sys/dev/usb/Attic/hid.c (expand / switch to unified diff)

--- src/sys/dev/usb/Attic/hid.c 2016/01/10 17:44:48 1.42
+++ src/sys/dev/usb/Attic/hid.c 2016/01/23 17:02:25 1.43
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: hid.c,v 1.42 2016/01/10 17:44:48 jakllsch Exp $ */ 1/* $NetBSD: hid.c,v 1.43 2016/01/23 17:02:25 riastradh Exp $ */
2/* $FreeBSD: src/sys/dev/usb/hid.c,v 1.11 1999/11/17 22:33:39 n_hibma Exp $ */ 2/* $FreeBSD: src/sys/dev/usb/hid.c,v 1.11 1999/11/17 22:33:39 n_hibma Exp $ */
3 3
4/* 4/*
5 * Copyright (c) 1998 The NetBSD Foundation, Inc. 5 * Copyright (c) 1998 The NetBSD Foundation, Inc.
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * This code is derived from software contributed to The NetBSD Foundation 8 * This code is derived from software contributed to The NetBSD Foundation
9 * by Lennart Augustsson (lennart@augustsson.net) at 9 * by Lennart Augustsson (lennart@augustsson.net) at
10 * Carlstedt Research & Technology. 10 * Carlstedt Research & Technology.
11 * 11 *
12 * Redistribution and use in source and binary forms, with or without 12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions 13 * modification, are permitted provided that the following conditions
14 * are met: 14 * are met:
@@ -22,27 +22,27 @@ @@ -22,27 +22,27 @@
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
25 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 * POSSIBILITY OF SUCH DAMAGE. 31 * POSSIBILITY OF SUCH DAMAGE.
32 */ 32 */
33 33
34#include <sys/cdefs.h> 34#include <sys/cdefs.h>
35__KERNEL_RCSID(0, "$NetBSD: hid.c,v 1.42 2016/01/10 17:44:48 jakllsch Exp $"); 35__KERNEL_RCSID(0, "$NetBSD: hid.c,v 1.43 2016/01/23 17:02:25 riastradh Exp $");
36 36
37#include <sys/param.h> 37#include <sys/param.h>
38#include <sys/systm.h> 38#include <sys/systm.h>
39#include <sys/kernel.h> 39#include <sys/kernel.h>
40#include <sys/malloc.h> 40#include <sys/malloc.h>
41 41
42#include <dev/usb/usb.h> 42#include <dev/usb/usb.h>
43#include <dev/usb/usbhid.h> 43#include <dev/usb/usbhid.h>
44 44
45#include <dev/usb/hid.h> 45#include <dev/usb/hid.h>
46 46
47#ifdef UHIDEV_DEBUG 47#ifdef UHIDEV_DEBUG
48#define DPRINTF(x) if (uhidevdebug) printf x 48#define DPRINTF(x) if (uhidevdebug) printf x
@@ -451,27 +451,27 @@ hid_get_udata(const u_char *buf, const s @@ -451,27 +451,27 @@ hid_get_udata(const u_char *buf, const s
451 u_int hpos = loc->pos; 451 u_int hpos = loc->pos;
452 u_int hsize = loc->size; 452 u_int hsize = loc->size;
453 u_int i, num, off; 453 u_int i, num, off;
454 u_long data; 454 u_long data;
455 455
456 if (hsize == 0) 456 if (hsize == 0)
457 return (0); 457 return (0);
458 458
459 data = 0; 459 data = 0;
460 off = hpos / 8; 460 off = hpos / 8;
461 num = (hpos + hsize + 7) / 8 - off; 461 num = (hpos + hsize + 7) / 8 - off;
462 462
463 for (i = 0; i < num; i++) 463 for (i = 0; i < num; i++)
464 data |= buf[off + i] << (i * 8); 464 data |= (unsigned long)buf[off + i] << (i * 8);
465 465
466 data >>= hpos % 8; 466 data >>= hpos % 8;
467 if (hsize < sizeof(data) * NBBY) 467 if (hsize < sizeof(data) * NBBY)
468 data &= (1UL << hsize) - 1; 468 data &= (1UL << hsize) - 1;
469 469
470 DPRINTFN(10,("hid_get_udata: loc %d/%d = %lu\n", hpos, hsize, data)); 470 DPRINTFN(10,("hid_get_udata: loc %d/%d = %lu\n", hpos, hsize, data));
471 return (data); 471 return (data);
472} 472}
473 473
474/* 474/*
475 * hid_is_collection(desc, size, id, usage) 475 * hid_is_collection(desc, size, id, usage)
476 * 476 *
477 * This function is broken in the following way. 477 * This function is broken in the following way.