Unverified Commit 05cd9bc3 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!10485 fix CVE-2024-42086 

Merge Pull Request from: @ci-robot 
 
PR sync from: Hongbo Li <lihongbo22@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/HEJWAFS5SNG3HXO6HSKXCKOMDN7JPENE/ 
Fix CVE-2024-42086.

Vasileios Amoiridis (1):
  iio: chemical: bme680: Fix overflows in compensate() functions


-- 
2.34.1
 
https://gitee.com/src-openeuler/kernel/issues/IAGEOZ 
 
Link:https://gitee.com/openeuler/kernel/pulls/10485

 

Reviewed-by: default avatarZhang Jianhua <chris.zjh@huawei.com>
Reviewed-by: default avatarLiu YongQiang <liuyongqiang13@huawei.com>
Signed-off-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
parents dd4e900d cb10d70d

drivers/iio/chemical/bme680_core.c

+6 −6
Original line number Original line Diff line number Diff line
@@ -348,10 +348,10 @@ static s16 bme680_compensate_temp(struct bme680_data *data, 
	if (!calib->par_t2)

	if (!calib->par_t2)

		bme680_read_calib(data, calib);

		bme680_read_calib(data, calib);





	var1 = (adc_temp >> 3) - (calib->par_t1 << 1);

	var1 = (adc_temp >> 3) - ((s32)calib->par_t1 << 1);

	var2 = (var1 * calib->par_t2) >> 11;

	var2 = (var1 * calib->par_t2) >> 11;

	var3 = ((var1 >> 1) * (var1 >> 1)) >> 12;

	var3 = ((var1 >> 1) * (var1 >> 1)) >> 12;

	var3 = (var3 * (calib->par_t3 << 4)) >> 14;

	var3 = (var3 * ((s32)calib->par_t3 << 4)) >> 14;

	data->t_fine = var2 + var3;

	data->t_fine = var2 + var3;

	calc_temp = (data->t_fine * 5 + 128) >> 8;

	calc_temp = (data->t_fine * 5 + 128) >> 8;
@@ -374,9 +374,9 @@ static u32 bme680_compensate_press(struct bme680_data *data, 
	var1 = (data->t_fine >> 1) - 64000;

	var1 = (data->t_fine >> 1) - 64000;

	var2 = ((((var1 >> 2) * (var1 >> 2)) >> 11) * calib->par_p6) >> 2;

	var2 = ((((var1 >> 2) * (var1 >> 2)) >> 11) * calib->par_p6) >> 2;

	var2 = var2 + (var1 * calib->par_p5 << 1);

	var2 = var2 + (var1 * calib->par_p5 << 1);

	var2 = (var2 >> 2) + (calib->par_p4 << 16);

	var2 = (var2 >> 2) + ((s32)calib->par_p4 << 16);

	var1 = (((((var1 >> 2) * (var1 >> 2)) >> 13) *

	var1 = (((((var1 >> 2) * (var1 >> 2)) >> 13) *

			(calib->par_p3 << 5)) >> 3) +

			((s32)calib->par_p3 << 5)) >> 3) +

			((calib->par_p2 * var1) >> 1);

			((calib->par_p2 * var1) >> 1);

	var1 = var1 >> 18;

	var1 = var1 >> 18;

	var1 = ((32768 + var1) * calib->par_p1) >> 15;

	var1 = ((32768 + var1) * calib->par_p1) >> 15;
@@ -394,7 +394,7 @@ static u32 bme680_compensate_press(struct bme680_data *data, 
	var3 = ((press_comp >> 8) * (press_comp >> 8) *

	var3 = ((press_comp >> 8) * (press_comp >> 8) *

			(press_comp >> 8) * calib->par_p10) >> 17;

			(press_comp >> 8) * calib->par_p10) >> 17;





	press_comp += (var1 + var2 + var3 + (calib->par_p7 << 7)) >> 4;

	press_comp += (var1 + var2 + var3 + ((s32)calib->par_p7 << 7)) >> 4;





	return press_comp;

	return press_comp;

}

}
@@ -420,7 +420,7 @@ static u32 bme680_compensate_humid(struct bme680_data *data, 
		 (((temp_scaled * ((temp_scaled * calib->par_h5) / 100))

		 (((temp_scaled * ((temp_scaled * calib->par_h5) / 100))

		   >> 6) / 100) + (1 << 14))) >> 10;

		   >> 6) / 100) + (1 << 14))) >> 10;

	var3 = var1 * var2;

	var3 = var1 * var2;

	var4 = calib->par_h6 << 7;

	var4 = (s32)calib->par_h6 << 7;

	var4 = (var4 + ((temp_scaled * calib->par_h7) / 100)) >> 4;

	var4 = (var4 + ((temp_scaled * calib->par_h7) / 100)) >> 4;

	var5 = ((var3 >> 14) * (var3 >> 14)) >> 10;

	var5 = ((var3 >> 14) * (var3 >> 14)) >> 10;

	var6 = (var4 * var5) >> 1;

	var6 = (var4 * var5) >> 1;