From: Stefano Stabellini <stefano@aporeto.com>
Date: Fri, 9 Dec 2016 19:52:09 +0000 (-0800)
Subject: fix potential int overflow in efi/boot
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~3181
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=014723d9b3275d1b840118331fe198e29254d8fa;p=xen.git

fix potential int overflow in efi/boot

HorizontalResolution and VerticalResolution are 32bit, while size is
64bit. As it stands multiplications are evaluated with 32bit arithmetic,
which could overflow. Cast HorizontalResolution to 64bit to avoid that.

Coverity-ID: 1381858

Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Acked-by: Jan Beulich <jbeulich@suse.com>
---

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index 56544dcb66..3e5e4ab0e9 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -684,10 +684,10 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop,
             break;
         }
         if ( !cols && !rows &&
-             mode_info->HorizontalResolution *
+             (UINTN)mode_info->HorizontalResolution *
              mode_info->VerticalResolution > size )
         {
-            size = mode_info->HorizontalResolution *
+            size = (UINTN)mode_info->HorizontalResolution *
                    mode_info->VerticalResolution;
             gop_mode = i;
         }