| Message ID | 20230914154650.222111-1-clg@kaod.org |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] ppc/xive: Fix uint32_t overflow | expand |
Queued in gitlab.com/danielhb/qemu/tree/ppc-next. Thanks, Daniel On 9/14/23 12:46, Cédric Le Goater wrote: > As reported by Coverity, "idx << xive->pc_shift" is evaluated using > 32-bit arithmetic, and then used in a context expecting a "uint64_t". > Add a uint64_t cast. > > Fixes: Coverity CID 1519049 > Fixes: b68147b7a5bf ("ppc/xive: Add support for the PC MMIOs") > Signed-off-by: Cédric Le Goater <clg@kaod.org> > Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> > Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com> > --- > > v2: removed extra space after cast > > hw/intc/pnv_xive.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/intc/pnv_xive.c b/hw/intc/pnv_xive.c > index 9b10e905195a..bda3478b1f84 100644 > --- a/hw/intc/pnv_xive.c > +++ b/hw/intc/pnv_xive.c > @@ -210,7 +210,7 @@ static uint64_t pnv_xive_vst_addr_remote(PnvXive *xive, uint32_t type, > return 0; > } > > - remote_addr |= idx << xive->pc_shift; > + remote_addr |= ((uint64_t)idx) << xive->pc_shift; > > vst_addr = address_space_ldq_be(&address_space_memory, remote_addr, > MEMTXATTRS_UNSPECIFIED, &result);
diff --git a/hw/intc/pnv_xive.c b/hw/intc/pnv_xive.c index 9b10e905195a..bda3478b1f84 100644 --- a/hw/intc/pnv_xive.c +++ b/hw/intc/pnv_xive.c @@ -210,7 +210,7 @@ static uint64_t pnv_xive_vst_addr_remote(PnvXive *xive, uint32_t type, return 0; } - remote_addr |= idx << xive->pc_shift; + remote_addr |= ((uint64_t)idx) << xive->pc_shift; vst_addr = address_space_ldq_be(&address_space_memory, remote_addr, MEMTXATTRS_UNSPECIFIED, &result);
As reported by Coverity, "idx << xive->pc_shift" is evaluated using 32-bit arithmetic, and then used in a context expecting a "uint64_t". Add a uint64_t cast. Fixes: Coverity CID 1519049 Fixes: b68147b7a5bf ("ppc/xive: Add support for the PC MMIOs") Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com> --- v2: removed extra space after cast hw/intc/pnv_xive.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)