[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 17/26] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363)
|
From: |
Peter Maydell |
|
Subject: |
[PULL 17/26] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363) |
|
Date: |
Mon, 2 Nov 2020 17:09:56 +0000 |
From: Philippe Mathieu-Daudé <philmd@redhat.com>
Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):
CID 1432363 (#1 of 1): Unintentional integer overflow:
overflow_before_widen:
Potentially overflowing expression 1 << scale with type int
(32 bits, signed) is evaluated using 32-bit arithmetic, and
then used in a context that expects an expression of type
hwaddr (64 bits, unsigned).
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20201030144617.1535064-1-philmd@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/smmuv3.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 2017ba7a5a7..22607c37841 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -17,6 +17,7 @@
*/
#include "qemu/osdep.h"
+#include "qemu/bitops.h"
#include "hw/irq.h"
#include "hw/sysbus.h"
#include "migration/vmstate.h"
@@ -864,7 +865,7 @@ static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd)
scale = CMD_SCALE(cmd);
num = CMD_NUM(cmd);
ttl = CMD_TTL(cmd);
- num_pages = (num + 1) * (1 << (scale));
+ num_pages = (num + 1) * BIT_ULL(scale);
}
if (type == SMMU_CMD_TLBI_NH_VA) {
--
2.20.1
- [PULL 04/26] target/arm: Use neon_element_offset in vfp_reg_offset, (continued)
- [PULL 04/26] target/arm: Use neon_element_offset in vfp_reg_offset, Peter Maydell, 2020/11/02
- [PULL 06/26] target/arm: Expand read/write_neon_element32 to all MemOp, Peter Maydell, 2020/11/02
- [PULL 05/26] target/arm: Add read/write_neon_element32, Peter Maydell, 2020/11/02
- [PULL 07/26] target/arm: Rename neon_load_reg32 to vfp_load_reg32, Peter Maydell, 2020/11/02
- [PULL 08/26] target/arm: Add read/write_neon_element64, Peter Maydell, 2020/11/02
- [PULL 09/26] target/arm: Rename neon_load_reg64 to vfp_load_reg64, Peter Maydell, 2020/11/02
- [PULL 11/26] target/arm: Improve do_prewiden_3d, Peter Maydell, 2020/11/02
- [PULL 12/26] target/arm: Fix float16 pairwise Neon ops on big-endian hosts, Peter Maydell, 2020/11/02
- [PULL 10/26] target/arm: Simplify do_long_3d and do_2scalar_long, Peter Maydell, 2020/11/02
- [PULL 13/26] target/arm: Fix VUDOT/VSDOT (scalar) on big-endian hosts, Peter Maydell, 2020/11/02
- [PULL 17/26] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363),
Peter Maydell <=
- [PULL 16/26] disas/capstone: Fix monitor disassembly of >32 bytes, Peter Maydell, 2020/11/02
- [PULL 19/26] hw/display/omap_lcdc: Fix potential NULL pointer dereference, Peter Maydell, 2020/11/02
- [PULL 15/26] target/arm: fix LORID_EL1 access check, Peter Maydell, 2020/11/02
- [PULL 18/26] hw/arm/boot: fix SVE for EL3 direct kernel boot, Peter Maydell, 2020/11/02
- [PULL 14/26] target/arm: fix handling of HCR.FB, Peter Maydell, 2020/11/02
- [PULL 20/26] hw/display/exynos4210_fimd: Fix potential NULL pointer dereference, Peter Maydell, 2020/11/02
- [PULL 21/26] target/arm: Get correct MMU index for other-security-state, Peter Maydell, 2020/11/02
- [PULL 23/26] hw/intc/arm_gicv3_cpuif: Make GIC maintenance interrupts work, Peter Maydell, 2020/11/02
- [PULL 22/26] configure: Test that gio libs from pkg-config work, Peter Maydell, 2020/11/02
- [PULL 25/26] qemu-option-trace.rst.inc: Don't use option:: markup, Peter Maydell, 2020/11/02