On 11 January 2018 at 04:59, David Gibson <address@hidden> wrote:
From: BALATON Zoltan <address@hidden>
This is a common generic PCI SATA controller that is also used in PCs
but more importantly guests running on the Sam460ex board prefer this
card and have a driver for it (unlike for other SATA controllers
already emulated).
Signed-off-by: BALATON Zoltan <address@hidden>
Acked-by: John Snow <address@hidden>
Signed-off-by: David Gibson <address@hidden>
---
+ case 0x10:
+ val = d->i.bmdma[0].cmd;
+ val |= (d->regs[0].confstat & (1UL << 11) ? (1 << 4) : 0); /*SATAINT0*/
+ val |= (d->regs[1].confstat & (1UL << 11) ? (1 << 6) : 0); /*SATAINT1*/
+ val |= (d->i.bmdma[1].status & BM_STATUS_INT ? (1 << 14) : 0);
+ val |= d->i.bmdma[0].status << 16;
+ val |= d->i.bmdma[1].status << 24;
+ break;
Hi. Coverity points out (CID 1385151) that the << 24 here will
potentially inadvertently set the high 32 bits of val if the top
bit in bmdma[1].status is 1. (This is because in x << 24 where
x is uint8_t x gets promoted to signed int, and then when that
signed int with a high bit set is converted to uint64_t for the
logical or it's done by sign-extending.
Adding a cast, like
val |= (uint32_t)d->i.bmdma[1].status << 24;
should fix this.