1. Patchew
  2. QEMU
  3. [PULL 00/15] target-arm queue
  4. View patch

[PULL 01/15] hw/timer/exynos4210_mct: fix possible int overflow

Peter Maydell posted 15 patches 4 days, 3 hours ago
There is a newer version of this series
[PULL 01/15] hw/timer/exynos4210_mct: fix possible int overflow
Posted by Peter Maydell 4 days, 3 hours ago 
From: Dmitry Frolov <frolov@swemel.ru>

The product "icnto * s->tcntb" may overflow uint32_t.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Message-id: 20241106083801.219578-2-frolov@swemel.ru
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/timer/exynos4210_mct.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
index e807fe2de90..5c6e139b202 100644
--- a/hw/timer/exynos4210_mct.c
+++ b/hw/timer/exynos4210_mct.c
@@ -815,7 +815,7 @@ static uint32_t exynos4210_ltick_cnt_get_cnto(struct tick_timer *s)
         /* Both are counting */
         icnto = remain / s->tcntb;
         if (icnto) {
-            tcnto = remain % (icnto * s->tcntb);
+            tcnto = remain % ((uint64_t)icnto * s->tcntb);
         } else {
             tcnto = remain % s->tcntb;
         }
-- 
2.34.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.