src: Current code produces warnings for possible value overflows. (#6665)

As the input values are uint8_t types, any shift may result in value loss. Explicit promotion to the output type (uint32_t) keeps things safe. Have also changed the int32_t in ads1220_read_adc to uint32_t, type promotion and bit manipulation are a bit 'weird' on signed integers, so keep it as an unsigned to align with following function call parameter type. Have retained the prior explicit sign extension logic however. Signed-off-by: Bevan Weiss <bevan.weiss@gmail.com>
2024-08-15 12:14:19 +10:00
parent 3f2ef88eb9
commit c0edfbc4ea
3 changed files with 9 additions and 4 deletions
--- a/src/sensor_ads1220.c
+++ b/src/sensor_ads1220.c
@@ -86,7 +86,9 @@ ads1220_read_adc(struct ads1220_adc *ads1220, uint8_t oid)
    barrier();

    // create 24 bit int from bytes
-    int32_t counts = (msg[0] << 16) | (msg[1] << 8) | msg[2];
+    uint32_t counts = ((uint32_t)msg[0] << 16)
+                    | ((uint32_t)msg[1] << 8)
+                    | ((uint32_t)msg[2]);

    // extend 2's complement 24 bits to 32bits
    if (counts & 0x800000)