1. Patchew
  2. QEMU
  3. View series

[PATCH] target/i386: Suppress coverity warning on fsave/frstor

Richard Henderson posted 1 patch 3 years, 10 months ago
Test checkpatch passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20220401184635.327423-1-richard.henderson@linaro.org
Maintainers: Paolo Bonzini <pbonzini@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, Eduardo Habkost <eduardo@habkost.net>
target/i386/tcg/fpu_helper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[PATCH] target/i386: Suppress coverity warning on fsave/frstor
Posted by Richard Henderson 3 years, 10 months ago 
Coverity warns that 14 << data32 may overflow with respect
to the target_ulong to which it is subsequently added.
We know this wasn't true because data32 is in [1,2],
but the suggested fix is perfectly fine.

Fixes: Coverity CID 1487135, 1487256
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/i386/tcg/fpu_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c
index ebf5e73df9..30bc44fcf8 100644
--- a/target/i386/tcg/fpu_helper.c
+++ b/target/i386/tcg/fpu_helper.c
@@ -2466,7 +2466,7 @@ static void do_fsave(CPUX86State *env, target_ulong ptr, int data32,
 
     do_fstenv(env, ptr, data32, retaddr);
 
-    ptr += (14 << data32);
+    ptr += (target_ulong)14 << data32;
     for (i = 0; i < 8; i++) {
         tmp = ST(i);
         do_fstt(env, tmp, ptr, retaddr);
@@ -2488,7 +2488,7 @@ static void do_frstor(CPUX86State *env, target_ulong ptr, int data32,
     int i;
 
     do_fldenv(env, ptr, data32, retaddr);
-    ptr += (14 << data32);
+    ptr += (target_ulong)14 << data32;
 
     for (i = 0; i < 8; i++) {
         tmp = do_fldt(env, ptr, retaddr);
-- 
2.25.1
Re: [PATCH] target/i386: Suppress coverity warning on fsave/frstor
Posted by Richard Henderson 3 years, 9 months ago 
On 4/1/22 11:46, Richard Henderson wrote:
> Coverity warns that 14 << data32 may overflow with respect
> to the target_ulong to which it is subsequently added.
> We know this wasn't true because data32 is in [1,2],
> but the suggested fix is perfectly fine.
> 
> Fixes: Coverity CID 1487135, 1487256
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/i386/tcg/fpu_helper.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c
> index ebf5e73df9..30bc44fcf8 100644
> --- a/target/i386/tcg/fpu_helper.c
> +++ b/target/i386/tcg/fpu_helper.c
> @@ -2466,7 +2466,7 @@ static void do_fsave(CPUX86State *env, target_ulong ptr, int data32,
>   
>       do_fstenv(env, ptr, data32, retaddr);
>   
> -    ptr += (14 << data32);
> +    ptr += (target_ulong)14 << data32;
>       for (i = 0; i < 8; i++) {
>           tmp = ST(i);
>           do_fstt(env, tmp, ptr, retaddr);
> @@ -2488,7 +2488,7 @@ static void do_frstor(CPUX86State *env, target_ulong ptr, int data32,
>       int i;
>   
>       do_fldenv(env, ptr, data32, retaddr);
> -    ptr += (14 << data32);
> +    ptr += (target_ulong)14 << data32;
>   
>       for (i = 0; i < 8; i++) {
>           tmp = do_fldt(env, ptr, retaddr);

Queuing to tcg-next.


r~
Re: [PATCH] target/i386: Suppress coverity warning on fsave/frstor
Posted by Damien Hedde 3 years, 10 months ago 
On 4/1/22 20:46, Richard Henderson wrote:
> Coverity warns that 14 << data32 may overflow with respect
> to the target_ulong to which it is subsequently added.
> We know this wasn't true because data32 is in [1,2],
> but the suggested fix is perfectly fine.
> 
> Fixes: Coverity CID 1487135, 1487256
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/i386/tcg/fpu_helper.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c
> index ebf5e73df9..30bc44fcf8 100644
> --- a/target/i386/tcg/fpu_helper.c
> +++ b/target/i386/tcg/fpu_helper.c
> @@ -2466,7 +2466,7 @@ static void do_fsave(CPUX86State *env, target_ulong ptr, int data32,
>   
>       do_fstenv(env, ptr, data32, retaddr);
>   
> -    ptr += (14 << data32);
> +    ptr += (target_ulong)14 << data32;
>       for (i = 0; i < 8; i++) {
>           tmp = ST(i);
>           do_fstt(env, tmp, ptr, retaddr);
> @@ -2488,7 +2488,7 @@ static void do_frstor(CPUX86State *env, target_ulong ptr, int data32,
>       int i;
>   
>       do_fldenv(env, ptr, data32, retaddr);
> -    ptr += (14 << data32);
> +    ptr += (target_ulong)14 << data32;
>   
>       for (i = 0; i < 8; i++) {
>           tmp = do_fldt(env, ptr, retaddr);

Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.