Coverity complains about qemu_memfd_create() (CID 1385858) because
we calculate a bit position htsize which could be up to 63, but
then use it in "1 << htsize" which is a 32-bit integer calculation
and could push the 1 off the top of the value.
Silence the complaint by using "1ULL"; this isn't a bug in
practice since a hugetlbsize of 4GB is not very plausible.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
util/memfd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/memfd.c b/util/memfd.c
index b3ecbac19e..d248a53c3c 100644
--- a/util/memfd.c
+++ b/util/memfd.c
@@ -66,7 +66,7 @@ int qemu_memfd_create(const char *name, size_t size, bool hugetlb,
{
int htsize = hugetlbsize ? ctz64(hugetlbsize) : 0;
- if (htsize && 1 << htsize != hugetlbsize) {
+ if (htsize && 1ULL << htsize != hugetlbsize) {
error_setg(errp, "Hugepage size must be a power of 2");
return -1;
}
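Review bot: the `htsize &&` guard in the changed condition skips the power-of-2 test whenever `ctz64(hugetlbsize)` returns 0, so an odd hugetlbsize such as 3 is not rejected by this check even though it is not a power of 2. Testing the value directly, for example `if (hugetlbsize && (hugetlbsize & (hugetlbsize - 1)))`, covers that case and needs no shift, which also removes the width question Coverity raised. If the shift form stays, writing `(1ULL << htsize) != hugetlbsize` with explicit parentheses would make the intended precedence obvious to readers.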
--
2.17.0
On Tue, May 15, 2018 at 7:27 PM, Peter Maydell <peter.maydell@linaro.org> wrote: > Coverity complains about qemu_memfd_create() (CID 1385858) because > we calculate a bit position htsize which could be up to 63, but > then use it in "1 << htsize" which is a 32-bit integer calculation > and could push the 1 off the top of the value. > > Silence the complaint by using "1ULL"; this isn't a bug in > practice since a hugetlbsize of 4GB is not very plausible. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Thanks Peter for the fix, Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> > --- > util/memfd.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/util/memfd.c b/util/memfd.c > index b3ecbac19e..d248a53c3c 100644 > --- a/util/memfd.c > +++ b/util/memfd.c > @@ -66,7 +66,7 @@ int qemu_memfd_create(const char *name, size_t size, bool hugetlb, > { > int htsize = hugetlbsize ? ctz64(hugetlbsize) : 0; > > - if (htsize && 1 << htsize != hugetlbsize) { > + if (htsize && 1ULL << htsize != hugetlbsize) { > error_setg(errp, "Hugepage size must be a power of 2"); > return -1; > } > -- > 2.17.0 > > -- Marc-André Lureau
Peter Maydell <peter.maydell@linaro.org> writes: > Coverity complains about qemu_memfd_create() (CID 1385858) because > we calculate a bit position htsize which could be up to 63, but > then use it in "1 << htsize" which is a 32-bit integer calculation > and could push the 1 off the top of the value. > > Silence the complaint by using "1ULL"; this isn't a bug in > practice since a hugetlbsize of 4GB is not very plausible. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> > --- > util/memfd.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/util/memfd.c b/util/memfd.c > index b3ecbac19e..d248a53c3c 100644 > --- a/util/memfd.c > +++ b/util/memfd.c > @@ -66,7 +66,7 @@ int qemu_memfd_create(const char *name, size_t size, bool hugetlb, > { > int htsize = hugetlbsize ? ctz64(hugetlbsize) : 0; > > - if (htsize && 1 << htsize != hugetlbsize) { > + if (htsize && 1ULL << htsize != hugetlbsize) { > error_setg(errp, "Hugepage size must be a power of 2"); > return -1; > } -- Alex Bennée
On 15/05/2018 19:27, Peter Maydell wrote: > Coverity complains about qemu_memfd_create() (CID 1385858) because > we calculate a bit position htsize which could be up to 63, but > then use it in "1 << htsize" which is a 32-bit integer calculation > and could push the 1 off the top of the value. > > Silence the complaint by using "1ULL"; this isn't a bug in > practice since a hugetlbsize of 4GB is not very plausible. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > util/memfd.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/util/memfd.c b/util/memfd.c > index b3ecbac19e..d248a53c3c 100644 > --- a/util/memfd.c > +++ b/util/memfd.c > @@ -66,7 +66,7 @@ int qemu_memfd_create(const char *name, size_t size, bool hugetlb, > { > int htsize = hugetlbsize ? ctz64(hugetlbsize) : 0; > > - if (htsize && 1 << htsize != hugetlbsize) { > + if (htsize && 1ULL << htsize != hugetlbsize) { > error_setg(errp, "Hugepage size must be a power of 2"); > return -1; > } > Queued, thanks. Paolo