[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] hw/timer: fix possible int overflow
From: |
Peter Maydell |
Subject: |
Re: [PATCH] hw/timer: fix possible int overflow |
Date: |
Fri, 8 Nov 2024 16:47:02 +0000 |
On Wed, 6 Nov 2024 at 08:38, Dmitry Frolov <frolov@swemel.ru> wrote:
>
> The product "icnto * s->tcntb" may overflow uint32_t.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
> ---
> hw/timer/exynos4210_mct.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
> index e807fe2de9..5c6e139b20 100644
> --- a/hw/timer/exynos4210_mct.c
> +++ b/hw/timer/exynos4210_mct.c
> @@ -815,7 +815,7 @@ static uint32_t exynos4210_ltick_cnt_get_cnto(struct
> tick_timer *s)
> /* Both are counting */
> icnto = remain / s->tcntb;
> if (icnto) {
> - tcnto = remain % (icnto * s->tcntb);
> + tcnto = remain % ((uint64_t)icnto * s->tcntb);
> } else {
> tcnto = remain % s->tcntb;
> }
> --
Applied to target-arm.next, thanks.
-- PMM