authorAleksandar Markovic <amarkovic@wavecomp.com>2019-02-18 08:32:48 +0100
committerAleksandar Markovic <amarkovic@wavecomp.com>2019-02-21 19:36:47 +0100
commitcd3ed7db22bafbabcb881f51c168a7cf5aecfa51 (patch)
tree1523dfb79559e0939631a345ad22a6ea374e656d
parentfc3dbb90f2eb069801bfb4cfe9cbc83cf9c5f4a9 (diff)
hw/misc: mips_itu: Fix 32/64 bit issue in a line involving shift operator
Fix 32/64 bit issue in a line involving shift operator. "1 << ..." calculation of size is done as a 32-bit signed integer which may then be unintentionally sign-extended into the 64-bit result. The problem was discovered by Coverity (CID 1398648). Using "1ULL" instead of "1" on the LHS of the shift fixes this problem. Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-rw-r--r--hw/misc/mips_itu.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/misc/mips_itu.c b/hw/misc/mips_itu.c
index 1257d8f..3afdbe6 100644
--- a/hw/misc/mips_itu.c
+++ b/hw/misc/mips_itu.c
@@ -94,7 +94,7 @@ void itc_reconfigure(MIPSITUState *tag)
if (tag->saar_present) {
address = ((*(uint64_t *) tag->saar) & 0xFFFFFFFFE000ULL) << 4;
- size = 1 << ((*(uint64_t *) tag->saar >> 1) & 0x1f);
+ size = 1ULL << ((*(uint64_t *) tag->saar >> 1) & 0x1f);
is_enabled = *(uint64_t *) tag->saar & 1;
}
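Review bot: The size line is now well-defined for every 5-bit encoding, but nothing in the hunk bounds the result, so `size` can range from 1 byte to 2 GiB depending on the SAAR contents; itc_reconfigure continues outside the hunk, so it is worth confirming that the code consuming `size` tolerates both extremes. Separately, the `saar_present` branch casts and dereferences `tag->saar` three times; reading it once with `uint64_t saar = *(uint64_t *) tag->saar;` and then writing `size = 1ULL << ((saar >> 1) & 0x1f);` keeps the operand width visible in one place and takes all three fields from the same snapshot. A short comment such as `/* 1ULL: shifting int 1 by 31 would sign-extend into the 64-bit size */` would keep the fix from later being undone as cosmetic.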