Re: [PULL 06/15] target/s390x: vxeh2: vector string search

qemu-s390x

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PULL 06/15] target/s390x: vxeh2: vector string search

From:	Peter Maydell
Subject:	Re: [PULL 06/15] target/s390x: vxeh2: vector string search
Date:	Fri, 13 May 2022 16:54:47 +0100

On Wed, 4 May 2022 at 12:55, Thomas Huth <thuth@redhat.com> wrote:
>
> From: David Miller <dmiller423@gmail.com>

Hi; Coverity thinks there might be an unintentional overflow
in a shift in this function (CID 1488734). This particular
Coverity heuristic seems to be very prone to false positives, so
if you think it's wrong I'll just mark it off as an FP in the web UI.

> +static int vstrs(S390Vector *v1, const S390Vector *v2, const S390Vector *v3,
> +                 const S390Vector *v4, uint8_t es, bool zs)
> +{
> +    int substr_elen, substr_0, str_elen, i, j, k, cc;
> +    int nelem = 16 >> es;
> +    bool eos = false;
> +
> +    substr_elen = s390_vec_read_element8(v4, 7) >> es;
> +
> +    /* If ZS, bound substr length by min(nelem, strlen(v3)). */

[..]

> + done:
> +    s390_vec_write_element64(v1, 0, k << es);

Specifically here, because k is 32 bit but s390_vec_write_element64()
takes a uint64_t argument, we will do the shift as a signed 32 bit
value before widening to 64 bits, so if the values of 'k' and 'es'
are such that we might shift beyond bit 32 we'll get the wrong
value. It looks like 'es' is one of the MO_* values, so generally
small, but the upper bound on 'k' is a bit less obvious to me.
Is the overflow-of-32-bits case impossible?

> +    s390_vec_write_element64(v1, 1, 0);
> +    return cc;
> +}

thanks
-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 00/15] s390x patches, Thomas Huth, 2022/05/04
- [PULL 02/15] s390x/cpu_models: drop "msa5" from the TCG "max" model, Thomas Huth, 2022/05/04
- [PULL 03/15] s390x/cpu_models: make "max" match the unmodified "qemu" CPU model under TCG, Thomas Huth, 2022/05/04
- [PULL 01/15] target/s390x: Fix writeback to v1 in helper_vstl, Thomas Huth, 2022/05/04
- [PULL 04/15] tcg: Implement tcg_gen_{h,w}swap_{i32,i64}, Thomas Huth, 2022/05/04
- [PULL 06/15] target/s390x: vxeh2: vector string search, Thomas Huth, 2022/05/04
  - Re: [PULL 06/15] target/s390x: vxeh2: vector string search, Peter Maydell <=
    - Re: [PULL 06/15] target/s390x: vxeh2: vector string search, Richard Henderson, 2022/05/13
    - Re: [PULL 06/15] target/s390x: vxeh2: vector string search, Peter Maydell, 2022/05/13
- [PULL 13/15] tests/tcg/s390x: Tests for Vector Enhancements Facility 2, Thomas Huth, 2022/05/04
- [PULL 08/15] target/s390x: vxeh2: vector shift double by bit, Thomas Huth, 2022/05/04
- [PULL 07/15] target/s390x: vxeh2: Update for changes to vector shifts, Thomas Huth, 2022/05/04
- [PULL 09/15] target/s390x: vxeh2: vector {load, store} elements reversed, Thomas Huth, 2022/05/04
- [PULL 05/15] target/s390x: vxeh2: vector convert short/32b, Thomas Huth, 2022/05/04
- [PULL 10/15] target/s390x: vxeh2: vector {load, store} byte reversed elements, Thomas Huth, 2022/05/04
- [PULL 12/15] target/s390x: add S390_FEAT_VECTOR_ENH2 to qemu CPU model, Thomas Huth, 2022/05/04
- [PULL 15/15] tests/tcg/s390x: Use a different PCRel32 notation in branch-relative-long.c, Thomas Huth, 2022/05/04

Prev by Date: Re: [PATCH 0/2] s390x: kvm: Honor storage keys during emulation
Next by Date: Re: [PULL 06/15] target/s390x: vxeh2: vector string search
Previous by thread: [PULL 06/15] target/s390x: vxeh2: vector string search
Next by thread: Re: [PULL 06/15] target/s390x: vxeh2: vector string search
Index(es):
- Date
- Thread