[PATCH 08/12] fs: exfat: Fix conversion overflow errors

Mon Mar 10 12:17:26 CET 2025

Hi Marek,

On 3/8/25 9:12 PM, Marek Vasut wrote:
> Fix the following conversion overflow errors. The input field is already
> limited to 3/2/1 bits using the bitwise and, move the parenthesis around
> to avoid the bogus warning:
> 
> "
> fs/exfat/utf.c: In function ‘utf8_to_wchar’:
> fs/exfat/utf.c:165:23: warning: overflow in conversion from ‘int’ to ‘wchar_t’ {aka ‘short unsigned int’} changes value from ‘(int)(short unsigned int)*input << 18 & 1835008’ to ‘0’ [-Woverflow]
>    165 |                 *wc = ((wchar_t) input[0] & 0x07) << 18;
>        |                       ^
> fs/exfat/utf.c:170:23: warning: overflow in conversion from ‘int’ to ‘wchar_t’ {aka ‘short unsigned int’} changes value from ‘(int)(short unsigned int)*input << 24 & 50331648’ to ‘0’ [-Woverflow]
>    170 |                 *wc = ((wchar_t) input[0] & 0x03) << 24;
>        |                       ^
> fs/exfat/utf.c:175:23: warning: overflow in conversion from ‘int’ to ‘wchar_t’ {aka ‘short unsigned int’} changes value from ‘(int)(short unsigned int)*input << 30 & 1073741824’ to ‘0’ [-Woverflow]
>    175 |                 *wc = ((wchar_t) input[0] & 0x01) << 30;
>        |                       ^
> "
> 

Since this doesn't seem to be U-Boot-specific, any chance to open a Pull 
Request on the project so we may be able to not carry this patch when 
upgrading (yes, the last commit in the branch was two years ago, but it 
seems the maintainer is still active on issues).

Considering that wchar_t is an unsigned short int and that USHRT_MAX is 
0xffff (so 2B or 16b)...

> Signed-off-by: Marek Vasut <marex at denx.de>
> ---
> Cc: Baruch Siach <baruch at tkos.co.il>
> Cc: Francesco Dolcini <francesco.dolcini at toradex.com>
> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Cc: Hiago De Franco <hiago.franco at toradex.com>
> Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Cc: Nam Cao <namcao at linutronix.de>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Sughosh Ganu <sughosh.ganu at linaro.org>
> Cc: Tom Rini <trini at konsulko.com>
> Cc: u-boot at lists.denx.de
> ---
>   fs/exfat/utf.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/exfat/utf.c b/fs/exfat/utf.c
> index b1d09e76478..5be8dcc2170 100644
> --- a/fs/exfat/utf.c
> +++ b/fs/exfat/utf.c
> @@ -162,17 +162,17 @@ static const char* utf8_to_wchar(const char* input, wchar_t* wc,
>   	}
>   	else if ((input[0] & 0xf8) == 0xf0)
>   	{
> -		*wc = ((wchar_t) input[0] & 0x07) << 18;
> +		*wc = (wchar_t)((input[0] & 0x07) << 18);
>   		size = 4;
>   	}
>   	else if ((input[0] & 0xfc) == 0xf8)
>   	{
> -		*wc = ((wchar_t) input[0] & 0x03) << 24;
> +		*wc = (wchar_t)((input[0] & 0x03) << 24);
>   		size = 5;
>   	}
>   	else if ((input[0] & 0xfe) == 0xfc)
>   	{
> -		*wc = ((wchar_t) input[0] & 0x01) << 30;
> +		*wc = (wchar_t)((input[0] & 0x01) << 30);

... wouldn't those still overflow? I assume unsigned short int like int 
may have an architecture-dependent size, but seems to be at least 2B, 
which wouldn't be enough to store all that?

Cheers,
Quentin