1. Patchew
  2. QEMU
  3. View series

[PATCH] target/mips: Fix potential integer overflow (CID 1452921)

Philippe Mathieu-Daudé posted 1 patch 2 years, 11 months ago
Test checkpatch passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20210505215119.1517465-1-f4bug@amsat.org
Maintainers: Aurelien Jarno <aurelien@aurel32.net>, "Philippe Mathieu-Daudé" <f4bug@amsat.org>, Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>, Jiaxun Yang <jiaxun.yang@flygoat.com>
target/mips/tcg/sysemu/tlb_helper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
[PATCH] target/mips: Fix potential integer overflow (CID 1452921)
Posted by Philippe Mathieu-Daudé 2 years, 11 months ago 
Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):

  CID 1452921:  Integer handling issues:

    Potentially overflowing expression "1 << w" with type "int"
    (32 bits, signed) is evaluated using 32-bit arithmetic, and
    then used in a context that expects an expression of type
    "uint64_t" (64 bits, unsigned).

Fixes: 074cfcb4dae ("target/mips: Implement hardware page table walker")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
 target/mips/tcg/sysemu/tlb_helper.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/mips/tcg/sysemu/tlb_helper.c b/target/mips/tcg/sysemu/tlb_helper.c
index 259f780d19f..a150a014ec1 100644
--- a/target/mips/tcg/sysemu/tlb_helper.c
+++ b/target/mips/tcg/sysemu/tlb_helper.c
@@ -17,6 +17,7 @@
  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  */
 #include "qemu/osdep.h"
+#include "qemu/bitops.h"
 
 #include "cpu.h"
 #include "internal.h"
@@ -659,7 +660,7 @@ static int walk_directory(CPUMIPSState *env, uint64_t *vaddr,
         w = directory_index - 1;
         if (directory_index & 0x1) {
             /* Generate adjacent page from same PTE for odd TLB page */
-            lsb = (1 << w) >> 6;
+            lsb = BIT_ULL(w) >> 6;
             *pw_entrylo0 = entry & ~lsb; /* even page */
             *pw_entrylo1 = entry | lsb; /* odd page */
         } else if (dph) {
-- 
2.26.3
Re: [PATCH] target/mips: Fix potential integer overflow (CID 1452921)
Posted by Richard Henderson 2 years, 11 months ago 
On 5/5/21 2:51 PM, Philippe Mathieu-Daudé wrote:
> Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
> This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):
> 
>    CID 1452921:  Integer handling issues:
> 
>      Potentially overflowing expression "1 << w" with type "int"
>      (32 bits, signed) is evaluated using 32-bit arithmetic, and
>      then used in a context that expects an expression of type
>      "uint64_t" (64 bits, unsigned).
> 
> Fixes: 074cfcb4dae ("target/mips: Implement hardware page table walker")
> Signed-off-by: Philippe Mathieu-Daudé<f4bug@amsat.org>
> ---
>   target/mips/tcg/sysemu/tlb_helper.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~
Re: [PATCH] target/mips: Fix potential integer overflow (CID 1452921)
Posted by Philippe Mathieu-Daudé 2 years, 11 months ago 
On 5/5/21 11:51 PM, Philippe Mathieu-Daudé wrote:
> Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
> This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):
> 
>   CID 1452921:  Integer handling issues:
> 
>     Potentially overflowing expression "1 << w" with type "int"
>     (32 bits, signed) is evaluated using 32-bit arithmetic, and
>     then used in a context that expects an expression of type
>     "uint64_t" (64 bits, unsigned).
> 
> Fixes: 074cfcb4dae ("target/mips: Implement hardware page table walker")
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
>  target/mips/tcg/sysemu/tlb_helper.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

Thanks, applied to mips-next.

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.