[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH-for-5.2] hw/arm/smmuv3: Fix potential integer overflow (CID 1
From: |
Auger Eric |
Subject: |
Re: [PATCH-for-5.2] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363) |
Date: |
Fri, 30 Oct 2020 16:19:43 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 |
Hi Philippe,
On 10/30/20 3:46 PM, Philippe Mathieu-Daudé wrote:
> Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
> This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):
>
> CID 1432363 (#1 of 1): Unintentional integer overflow:
>
> overflow_before_widen:
> Potentially overflowing expression 1 << scale with type int
> (32 bits, signed) is evaluated using 32-bit arithmetic, and
> then used in a context that expects an expression of type
> hwaddr (64 bits, unsigned).
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Eric Auger <eric.auger@redhat.com>
Thanks!
Eric
> ---
> hw/arm/smmuv3.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
> index 2017ba7a5a7..22607c37841 100644
> --- a/hw/arm/smmuv3.c
> +++ b/hw/arm/smmuv3.c
> @@ -17,6 +17,7 @@
> */
>
> #include "qemu/osdep.h"
> +#include "qemu/bitops.h"
> #include "hw/irq.h"
> #include "hw/sysbus.h"
> #include "migration/vmstate.h"
> @@ -864,7 +865,7 @@ static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd)
> scale = CMD_SCALE(cmd);
> num = CMD_NUM(cmd);
> ttl = CMD_TTL(cmd);
> - num_pages = (num + 1) * (1 << (scale));
> + num_pages = (num + 1) * BIT_ULL(scale);
> }
>
> if (type == SMMU_CMD_TLBI_NH_VA) {
>