From: Aleksandar Markovic <aleksandar.markovic@rt-rk.com>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, amarkovic@wavecomp.com
Subject: [Qemu-devel] [PULL v2 1/8] hw/misc: mips_itu: Fix 32/64 bit issue in a line involving shift operator
Date: Thu, 21 Feb 2019 19:53:33 +0100 [thread overview]
Message-ID: <1550775220-26797-2-git-send-email-aleksandar.markovic@rt-rk.com> (raw)
In-Reply-To: <1550775220-26797-1-git-send-email-aleksandar.markovic@rt-rk.com>
From: Aleksandar Markovic <amarkovic@wavecomp.com>
Fix 32/64 bit issue in a line involving shift operator. "1 << ..."
calculation of size is done as a 32-bit signed integer which may
then be unintentionally sign-extended into the 64-bit result. The
problem was discovered by Coverity (CID 1398648). Using "1ULL"
instead of "1" on the LHS of the shift fixes this problem.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
hw/misc/mips_itu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/misc/mips_itu.c b/hw/misc/mips_itu.c
index 1257d8f..3afdbe6 100644
--- a/hw/misc/mips_itu.c
+++ b/hw/misc/mips_itu.c
@@ -94,7 +94,7 @@ void itc_reconfigure(MIPSITUState *tag)
if (tag->saar_present) {
address = ((*(uint64_t *) tag->saar) & 0xFFFFFFFFE000ULL) << 4;
- size = 1 << ((*(uint64_t *) tag->saar >> 1) & 0x1f);
+ size = 1ULL << ((*(uint64_t *) tag->saar >> 1) & 0x1f);
is_enabled = *(uint64_t *) tag->saar & 1;
}
--
2.7.4
next prev parent reply other threads:[~2019-02-21 18:54 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-21 18:53 [Qemu-devel] [PULL v2 0/8] MIPS queue for February 21st, 2019, v2 Aleksandar Markovic
2019-02-21 18:53 ` Aleksandar Markovic [this message]
2019-02-21 18:53 ` [Qemu-devel] [PULL v2 2/8] tests/tcg: target/mips: Correct path to headers in some test source files Aleksandar Markovic
2019-02-21 18:53 ` [Qemu-devel] [PULL v2 3/8] tests/tcg: target/mips: Change directory name 'bit-counting' to 'bit-count' Aleksandar Markovic
2019-02-21 18:53 ` [Qemu-devel] [PULL v2 4/8] tests/tcg: target/mips: Add wrappers for MSA integer compare instructions Aleksandar Markovic
2019-02-21 18:53 ` [Qemu-devel] [PULL v2 5/8] target/mips: implement QMP query-cpu-definitions command Aleksandar Markovic
2019-02-21 18:53 ` [Qemu-devel] [PULL v2 6/8] hw/pci-host/bonito.c: Add PCI mem region mapped at the correct address Aleksandar Markovic
2019-02-21 18:53 ` [Qemu-devel] [PULL v2 7/8] target/mips: fulong2e: Fix bios flash size Aleksandar Markovic
2019-02-21 18:53 ` [Qemu-devel] [PULL v2 8/8] target/mips: fulong2e: Dynamically generate SPD EEPROM data Aleksandar Markovic
2019-02-22 13:04 ` [Qemu-devel] [PULL v2 0/8] MIPS queue for February 21st, 2019, v2 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1550775220-26797-2-git-send-email-aleksandar.markovic@rt-rk.com \
--to=aleksandar.markovic@rt-rk.com \
--cc=amarkovic@wavecomp.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.