From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Eduardo Habkost, patches@linaro.org, Laurent Vivier, Paolo Bonzini, "Edgar E. Iglesias", Richard Henderson
Date: Fri, 3 Mar 2017 15:50:28 +0000
Message-Id: <1488556233-31246-2-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH for-2.9 1/6] disas/hppa: Remove dead code

Coverity complains (CID 1302705) that the "fr0" part of the ?: in fput_fp_reg_r() is dead. This looks like cut-n-paste error from fput_fp_reg(); delete the dead code.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé

--- disas/hppa.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/disas/hppa.c b/disas/hppa.c index 43facdc..a2d371f 100644 --- a/disas/hppa.c +++ b/disas/hppa.c
@@ -1788,8 +1788,7 @@ fput_fp_reg_r (unsigned reg, disassemble_info *info) if (reg < 4) (*info->fprintf_func) (info->stream, "fpe%d", reg * 2 + 1); else - (*info->fprintf_func) (info->stream, "%sR", - reg ? fp_reg_names[reg] : "fr0"); + (*info->fprintf_func) (info->stream, "%sR", fp_reg_names[reg]); } =20 static void --=20 2.7.4
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Eduardo Habkost, patches@linaro.org, Laurent Vivier, Paolo Bonzini, "Edgar E. Iglesias", Richard Henderson
Date: Fri, 3 Mar 2017 15:50:29 +0000
Message-Id: <1488556233-31246-3-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH for-2.9 2/6] disas/i386: Avoid NULL pointer dereference in error case

In a code path where we hit an internal disassembler error, execution would subsequently attempt to dereference a NULL pointer. This should never happen, but avoid the crash.

Signed-off-by: Peter Maydell

--- disas/i386.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/disas/i386.c b/disas/i386.c index 07f871f..f1e376c 100644 --- a/disas/i386.c +++ b/disas/i386.c
@@ -4043,7 +4043,7 @@ print_insn (bfd_vma pc, disassemble_info *info) } } =20 - if (putop (dp->name, sizeflag) =3D=3D 0) + if (dp->name !=3D NULL && putop (dp->name, sizeflag) =3D=3D 0) { for (i =3D 0; i < MAX_OPERANDS; ++i) { --=20 2.7.4
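Review bot: with the new dp->name != NULL test at the top of this if, a NULL name takes the same path as a non-zero return from putop(), so the internal-error case is skipped silently rather than reported. The commit message says this should never happen; a one-line comment above the condition saying when dp->name can be NULL, and that skipping the MAX_OPERANDS loop is intended, would keep the guard from reading like a normal branch.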
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Eduardo Habkost, patches@linaro.org, Laurent Vivier, Paolo Bonzini, "Edgar E. Iglesias", Richard Henderson
Date: Fri, 3 Mar 2017 15:50:30 +0000
Message-Id: <1488556233-31246-4-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH for-2.9 3/6] disas/m68k: Avoid unintended sign extension in get_field()

In get_field(), we take an 'unsigned char' value and shift it left, which implicitly promotes it to 'signed int', before ORing it into an 'unsigned long' type. If 'unsigned long' is 64 bits then this will result in a sign extension and the top 32 bits of the result will be 1s. Add explicit casts to unsigned long before shifting to prevent this.

(Spotted by Coverity, CID 715697.)

Signed-off-by: Peter Maydell
Reviewed-by: Laurent Vivier

--- disas/m68k.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/disas/m68k.c b/disas/m68k.c index 073abb9..61b689e 100644 --- a/disas/m68k.c +++ b/disas/m68k.c
@@ -4685,10 +4685,11 @@ get_field (const unsigned char *data, enum floatfor= mat_byteorders order, /* This is the last byte; zero out the bits which are not part of this field. */ result |=3D - (*(data + cur_byte) & ((1 << (len - cur_bitshift)) - 1)) + (unsigned long)(*(data + cur_byte) + & ((1 << (len - cur_bitshift)) - 1)) << cur_bitshift; else - result |=3D *(data + cur_byte) << cur_bitshift; + result |=3D (unsigned long)*(data + cur_byte) << cur_bitshift; cur_bitshift +=3D FLOATFORMAT_CHAR_BIT; if (order =3D=3D floatformat_little) ++cur_byte; --=20 2.7.4
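Review bot: in the last-byte branch the mask is still built as (1 << (len - cur_bitshift)) - 1, which is int arithmetic; the new (unsigned long) cast only applies once the & has been done. That is fine while the mask covers part of a single byte, as the comment above it says, but writing the constant as 1UL would keep the whole expression in one unsigned type and spare the reader from checking the range of len - cur_bitshift.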
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Eduardo Habkost, patches@linaro.org, Laurent Vivier, Paolo Bonzini, "Edgar E. Iglesias", Richard Henderson
Date: Fri, 3 Mar 2017 15:50:31 +0000
Message-Id: <1488556233-31246-5-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH for-2.9 4/6] disas/microblaze: Avoid unintended sign extension

In read_insn_microblaze() we assemble 4 bytes into an 'unsigned long'. If 'unsigned long' is 64 bits and the high byte has its top bit set, then C's implicit conversion from 'unsigned char' to 'int' for the shift will result in an unintended sign extension which sets the top 32 bits in 'inst'. Add casts to prevent this.

(Spotted by Coverity, CID 1005401.)

Signed-off-by: Peter Maydell
Reviewed-by: Edgar E. Iglesias

--- disas/microblaze.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/disas/microblaze.c b/disas/microblaze.c index 91b30ac..407c0a3 100644 --- a/disas/microblaze.c +++ b/disas/microblaze.c
@@ -748,9 +748,11 @@ read_insn_microblaze (bfd_vma memaddr, } =20 if (info->endian =3D=3D BFD_ENDIAN_BIG) - inst =3D (ibytes[0] << 24) | (ibytes[1] << 16) | (ibytes[2] << 8) | ib= ytes[3]; + inst =3D ((unsigned)ibytes[0] << 24) | (ibytes[1] << 16) + | (ibytes[2] << 8) | ibytes[3]; else if (info->endian =3D=3D BFD_ENDIAN_LITTLE) - inst =3D (ibytes[3] << 24) | (ibytes[2] << 16) | (ibytes[1] << 8) | ib= ytes[0]; + inst =3D ((unsigned)ibytes[3] << 24) | (ibytes[2] << 16) + | (ibytes[1] << 8) | ibytes[0]; else abort (); =20 --=20 2.7.4
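Review bot: only the byte shifted by 24 is cast, in both the BFD_ENDIAN_BIG and BFD_ENDIAN_LITTLE arms, while the << 16 and << 8 terms stay as promoted ints. That is sufficient because those shifts cannot reach bit 31, but a reader has to work it out; either cast all four bytes the same way or add a one-line comment saying why the top byte alone needs it.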
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Eduardo Habkost, patches@linaro.org, Laurent Vivier, Paolo Bonzini, "Edgar E. Iglesias", Richard Henderson
Date: Fri, 3 Mar 2017 15:50:32 +0000
Message-Id: <1488556233-31246-6-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH for-2.9 5/6] disas/cris: Avoid unintended sign extension

In the cris disassembler we were using 'unsigned long' to calculate addresses which are supposed to be 32 bits. This meant that we might accidentally sign extend or calculate a value that was outside the 32 bit range of the guest CPU. Use 'uint32_t' instead so we give the right answers on 64-bit hosts.

(Spotted by Coverity, CID 1005402, 1005403.)

Signed-off-by: Peter Maydell
Reviewed-by: Edgar E. Iglesias
Reviewed-by: Philippe Mathieu-Daudé

--- disas/cris.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/disas/cris.c b/disas/cris.c index 8a1daf9..30217f1 100644 --- a/disas/cris.c +++ b/disas/cris.c
@@ -2009,7 +2009,7 @@ print_with_operands (const struct cris_opcode *opcode= p, case 'n': { /* Like N but pc-relative to the start of the insn. */ - unsigned long number + uint32_t number =3D (buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 0x1000000 + addr); =20 
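Review bot: in the 'n' case the top-byte term buffer[5] * 0x1000000 is still evaluated as int whenever buffer[5] is 0x80 or more (assuming buffer is a byte array, which the hunk does not show), so it can overflow int before it is added to addr; narrowing the destination to uint32_t truncates the result but does not change how that term is computed. Casting the term, for example (uint32_t)buffer[5] << 24, would match what patches 4/6 and 6/6 do for their high byte.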
@@ -2201,7 +2201,7 @@ print_with_operands (const struct cris_opcode *opcode= p, { /* It's [pc+]. This cannot possibly be anything but an address. */ - unsigned long number + uint32_t number =3D prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 0x1000000; --=20 2.7.4
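Review bot: unlike the 'n' case, this sum has no addr operand, so every term on the right-hand side is an int and uint32_t only takes effect at the assignment. A short comment at the declaration that the value is meant to wrap to the 32-bit guest address space, or an unsigned cast on the prefix_buffer[5] term, would make the intent visible where the type changed.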
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Eduardo Habkost, patches@linaro.org, Laurent Vivier, Paolo Bonzini, "Edgar E. Iglesias", Richard Henderson
Date: Fri, 3 Mar 2017 15:50:33 +0000
Message-Id: <1488556233-31246-7-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH for-2.9 6/6] disas/arm: Avoid unintended sign extension

When assembling 'given' from the instruction bytes, C's integer promotion rules mean we may promote an unsigned char to a signed integer before shifting it, and then sign extend to a 64-bit long, which can set the high bits of the long. The code doesn't in fact care about the high bits if the long is 64 bits, but this is surprising, so don't do it.

(Spotted by Coverity, CID 1005404.)

Signed-off-by: Peter Maydell
---
Arguably 'given' should be uint32_t here rather than 'long', but a small change to placate Coverity seemed wiser than a wholesale change of the type of the 'given' variables/arguments through the whole file, since this is 3rd-party code that's known to work.

--- disas/arm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/disas/arm.c b/disas/arm.c index 93c6503..27396dd 100644 --- a/disas/arm.c +++ b/disas/arm.c
@@ -3901,9 +3901,9 @@ print_insn_arm (bfd_vma pc, struct disassemble_info *= info) =20 status =3D info->read_memory_func (pc, (bfd_byte *)b, 4, info); if (little) - given =3D (b[0]) | (b[1] << 8) | (b[2] << 16) | (b[3] << 24); + given =3D (b[0]) | (b[1] << 8) | (b[2] << 16) | ((unsigned)b[3] << 24); else - given =3D (b[3]) | (b[2] << 8) | (b[1] << 16) | (b[0] << 24); + given =3D (b[3]) | (b[2] << 8) | (b[1] << 16) | ((unsigned)b[0] << 24); } else { --=20 2.7.4
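Review bot: with the (unsigned) cast on the byte shifted by 24, the OR is an unsigned int, so a word with bit 31 set now becomes a positive 'given' where long is 64 bits, while where long is 32 bits the conversion of a value above LONG_MAX is implementation-defined (typically negative). The commit message says the high bits are not used; a short comment at these two assignments recording that, or the uint32_t change floated under the '---', would keep later sign tests on 'given' from depending on the host's long width.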
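The promotion and sign extension described in patches 3/6, 4/6 and 6/6, as an added example that is not code from this series or from QEMU. It assumes uint64_t as a stand-in for a 64-bit 'unsigned long' and int32_t for the promoted int; the function names and sample bytes are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* What "byte << 24" evaluates to after integer promotion to a 32-bit int:
 * negative once the byte is 0x80 or more. Computed through int64_t so the
 * demonstration itself contains no undefined behaviour. */
static int32_t promoted_shift24(uint8_t byte)
{
    int64_t wide = (int64_t)byte << 24;
    if (wide > INT32_MAX)
        wide -= (int64_t)1 << 32;   /* two's-complement wrap into int range */
    return (int32_t)wide;
}

/* Reorder to most-significant-byte first, whatever the guest byte order. */
static void msb_first(const uint8_t b[4], int big_endian, uint8_t out[4])
{
    for (int i = 0; i < 4; i++)
        out[i] = big_endian ? b[i] : b[3 - i];
}

/* Pre-patch shape: every term is an int, and the int result is widened to
 * the 64-bit destination (assumed stand-in for 'unsigned long' on LP64). */
uint64_t assemble_promoted(const uint8_t b[4], int big_endian)
{
    uint8_t m[4];
    msb_first(b, big_endian, m);
    int32_t word = promoted_shift24(m[0]) | (m[1] << 16) | (m[2] << 8) | m[3];
    return (uint64_t)(int64_t)word;          /* sign extension happens here */
}

/* Post-patch shape: the top byte is made unsigned before the shift. */
uint64_t assemble_cast(const uint8_t b[4], int big_endian)
{
    uint8_t m[4];
    msb_first(b, big_endian, m);
    uint32_t word = ((uint32_t)m[0] << 24) | (m[1] << 16) | (m[2] << 8) | m[3];
    return word;                             /* zero extension */
}

/* Check a decoded 32-bit instruction word for stray bits above bit 31. */
int high_bits_set(uint64_t v)
{
    return (v >> 32) != 0;
}

int main(void)
{
    /* Constructed sample: an instruction word with bit 31 set. */
    const uint8_t be[4] = { 0x80, 0x01, 0x02, 0x03 };
    printf("promoted: 0x%016" PRIx64 "\n", assemble_promoted(be, 1));
    printf("cast:     0x%016" PRIx64 "\n", assemble_cast(be, 1));
    return 0;
}
```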