aboutsummaryrefslogtreecommitdiff
path: root/util/cutils.c
diff options
context:
space:
mode:
authorFangrui Song <i@maskray.me>2019-11-22 09:00:39 +0100
committerMarkus Armbruster <armbru@redhat.com>2019-11-25 06:00:05 +0100
commit25f74087c695364dfaa87443b1040a3aa5c29008 (patch)
treeb887c91b7bf15b6bef1e614004c9c0b078347b41 /util/cutils.c
parent2061735ff09f9d5e67c501a96227b470e7de69b1 (diff)
downloadqemu-25f74087c695364dfaa87443b1040a3aa5c29008.zip
qemu-25f74087c695364dfaa87443b1040a3aa5c29008.tar.gz
qemu-25f74087c695364dfaa87443b1040a3aa5c29008.tar.bz2
util/cutils: Fix incorrect integer->float conversion caught by clang
Clang does not like do_strtosz()'s code to guard against overflow: qemu/util/cutils.c:245:23: error: implicit conversion from 'unsigned long' to 'double' changes value from 18446744073709550592 to 18446744073709551616 [-Werror,-Wimplicit-int-float-conversion] The warning will be enabled by default in clang 10. It is not available for clang <= 9. val * mul >= 0xfffffffffffffc00 is indeed wrong. 0xfffffffffffffc00 is not representable exactly as double. It's half-way between the representable values 0xfffffffffffff800 and 0x10000000000000000. Which one we get is implementation-defined. Bad. We want val * mul > (the largest uint64_t exactly representable as double). That's 0xfffffffffffff800. Write it as nextafter(0x1p64, 0) with a suitable comment. Signed-off-by: Fangrui Song <i@maskray.me> Reviewed-by: Markus Armbruster <armbru@redhat.com> [Patch split, commit message improved] Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20191122080039.12771-3-armbru@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Juan Quintela <quintela@redhat.com>
Diffstat (limited to 'util/cutils.c')
-rw-r--r--util/cutils.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/util/cutils.c b/util/cutils.c
index fd591ca..77acadc 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -239,10 +239,12 @@ static int do_strtosz(const char *nptr, const char **end,
goto out;
}
/*
- * Values >= 0xfffffffffffffc00 overflow uint64_t after their trip
- * through double (53 bits of precision).
+ * Values near UINT64_MAX overflow to 2**64 when converting to double
+ * precision. Compare against the maximum representable double precision
+ * value below 2**64, computed as "the next value after 2**64 (0x1p64) in
+ * the direction of 0".
*/
- if ((val * mul >= 0xfffffffffffffc00) || val < 0) {
+ if ((val * mul > nextafter(0x1p64, 0)) || val < 0) {
retval = -ERANGE;
goto out;
}