[alsa-devel] bug report: aloop: potential signedness bug in loopback_prepare()
Hi Jaroslav,
sound/drivers/aloop.c +287 loopback_prepare(10) warn: bogus compare against zero: 'bps' 282 unsigned int bps, salign; 283 284 salign = (snd_pcm_format_width(runtime->format) * 285 runtime->channels) / 8; 286 bps = salign * runtime->rate; 287 if (bps <= 0 || salign <= 0) ^^^^^^^^^^^^^^^^^^^^^^^
Both "bps" and "salign" are unsigned and are never less than zero. Should this just be checking for == 0? Or was the check supposed to catch integer overflows?
288 return -EINVAL; 289
regards, dan carpenter
On Sat, 9 Oct 2010, Dan Carpenter wrote:
Hi Jaroslav,
sound/drivers/aloop.c +287 loopback_prepare(10) warn: bogus compare against zero: 'bps' 282 unsigned int bps, salign; 283 284 salign = (snd_pcm_format_width(runtime->format) * 285 runtime->channels) / 8; 286 bps = salign * runtime->rate; 287 if (bps <= 0 || salign <= 0) ^^^^^^^^^^^^^^^^^^^^^^^
Both "bps" and "salign" are unsigned and are never less than zero. Should this just be checking for == 0? Or was the check supposed to catch integer overflows?
The condition works for both signed and unsigned values. That was only reason why I did not write '==' there.
Jaroslav
----- Jaroslav Kysela perex@perex.cz Linux Kernel Sound Maintainer ALSA Project, Red Hat, Inc.
On Sat, Oct 09, 2010 at 02:14:30PM +0200, Jaroslav Kysela wrote:
On Sat, 9 Oct 2010, Dan Carpenter wrote:
Hi Jaroslav,
sound/drivers/aloop.c +287 loopback_prepare(10) warn: bogus compare against zero: 'bps' 282 unsigned int bps, salign; 283 284 salign = (snd_pcm_format_width(runtime->format) * 285 runtime->channels) / 8; 286 bps = salign * runtime->rate; 287 if (bps <= 0 || salign <= 0) ^^^^^^^^^^^^^^^^^^^^^^^
Both "bps" and "salign" are unsigned and are never less than zero. Should this just be checking for == 0? Or was the check supposed to catch integer overflows?
The condition works for both signed and unsigned values. That was only reason why I did not write '==' there.
Jaroslav
What I mean is that the less than zero part is never true. For example, the following test program will print "more" instead of "less".
regards, dan carpenter
#include <stdio.h>
int main(int argc, char **argv) { unsigned int x = -3;
if (x <= 0) printf("less\n"); else printf("more\n");
return 0; }
participants (2)
-
Dan Carpenter -
Jaroslav Kysela