From f0d455f088510bf8a79aaccb2c67fc2a926b5b1a Mon Sep 17 00:00:00 2001 From: Dominique Martinet Date: Sat, 30 Jun 2018 09:59:44 +0900 Subject: [PATCH] drm backend: overflow fixes These operations are done in 32-bit arithmetics before being casted to 64-bit, thus can overflow before the cast. Casting early fixes the issue. Found through static analysis --- backend/drm/atomic.c | 4 ++-- backend/drm/drm.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/drm/atomic.c b/backend/drm/atomic.c index acc56e65..41b6424c 100644 --- a/backend/drm/atomic.c +++ b/backend/drm/atomic.c @@ -83,8 +83,8 @@ static void set_plane_props(struct atomic *atom, struct wlr_drm_plane *plane, // The src_* properties are in 16.16 fixed point atomic_add(atom, id, props->src_x, 0); atomic_add(atom, id, props->src_y, 0); - atomic_add(atom, id, props->src_w, plane->surf.width << 16); - atomic_add(atom, id, props->src_h, plane->surf.height << 16); + atomic_add(atom, id, props->src_w, (uint64_t)plane->surf.width << 16); + atomic_add(atom, id, props->src_h, (uint64_t)plane->surf.height << 16); atomic_add(atom, id, props->crtc_w, plane->surf.width); atomic_add(atom, id, props->crtc_h, plane->surf.height); atomic_add(atom, id, props->fb_id, fb_id); diff --git a/backend/drm/drm.c b/backend/drm/drm.c index c5db480e..f4a971a2 100644 --- a/backend/drm/drm.c +++ b/backend/drm/drm.c @@ -973,7 +973,7 @@ int handle_drm_event(int fd, uint32_t mask, void *data) { } void restore_drm_outputs(struct wlr_drm_backend *drm) { - uint64_t to_close = (1 << wl_list_length(&drm->outputs)) - 1; + uint64_t to_close = (1L << wl_list_length(&drm->outputs)) - 1; struct wlr_drm_connector *conn; wl_list_for_each(conn, &drm->outputs, link) {