diff options
| author | Daniel Henrique Barboza <dbarboza@ventanamicro.com> | 2025-01-21 15:48:47 -0300 |
|---|---|---|
| committer | Alistair Francis <alistair.francis@wdc.com> | 2025-03-04 15:42:54 +1000 |
| commit | b55538ea22c6474e62a311f5993f0f84caeb4131 (patch) | |
| tree | 62264476bbc3395bbb48043653bbf92bc0c66ae0 /rust/qemu-api | |
| parent | 485eb79989c6f9f00103ef2e62360ad9cf6a9b23 (diff) | |
| download | qemu-b55538ea22c6474e62a311f5993f0f84caeb4131.zip qemu-b55538ea22c6474e62a311f5993f0f84caeb4131.tar.gz qemu-b55538ea22c6474e62a311f5993f0f84caeb4131.tar.bz2 | |
target/riscv/cpu_helper.c: fix bad_shift in riscv_cpu_interrupt()
Coverity reported a BAD_SHIFT issue in the following code:
> 2097
>>>> CID 1590355: Integer handling issues (BAD_SHIFT)
>>>> In expression "hdeleg >> cause", right shifting by more than 63
bits has undefined behavior. The shift amount, "cause", is at least 64.
> 2098 vsmode_exc = env->virt_enabled && (((hdeleg >> cause) & 1) || vs_injected);
> 2099 /*
It is not clear to me how the tool guarantees that '"cause" is at least
64', but indeed there's no guarantees that it would be < 64 in the
'async = true' code path.
A simple fix to avoid a potential UB is to add a 'cause < 64' guard like
'mode' is already doing right before 'vsmode_exc'.
Resolves: Coverity CID 1590355
Fixes: 967760f62c ("target/riscv: Implement Ssdbltrp exception handling")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250121184847.2109128-6-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Diffstat (limited to 'rust/qemu-api')
0 files changed, 0 insertions, 0 deletions