Message ID | 20220401184635.327423-1-richard.henderson@linaro.org |
---|---|
State | Superseded |
Series | target/i386: Suppress coverity warning on fsave/frstor |
On 4/1/22 20:46, Richard Henderson wrote: > Coverity warns that 14 << data32 may overflow with respect > to the target_ulong to which it is subsequently added. > We know this wasn't true because data32 is in [1,2], > but the suggested fix is perfectly fine. > > Fixes: Coverity CID 1487135, 1487256 > Signed-off-by: Richard Henderson <richard.henderson@linaro.org> > --- > target/i386/tcg/fpu_helper.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c > index ebf5e73df9..30bc44fcf8 100644 > --- a/target/i386/tcg/fpu_helper.c > +++ b/target/i386/tcg/fpu_helper.c > @@ -2466,7 +2466,7 @@ static void do_fsave(CPUX86State *env, target_ulong ptr, int data32, > > do_fstenv(env, ptr, data32, retaddr); > > - ptr += (14 << data32); > + ptr += (target_ulong)14 << data32; > for (i = 0; i < 8; i++) { > tmp = ST(i); > do_fstt(env, tmp, ptr, retaddr); > @@ -2488,7 +2488,7 @@ static void do_frstor(CPUX86State *env, target_ulong ptr, int data32, > int i; > > do_fldenv(env, ptr, data32, retaddr); > - ptr += (14 << data32); > + ptr += (target_ulong)14 << data32; > > for (i = 0; i < 8; i++) { > tmp = do_fldt(env, ptr, retaddr); Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
On 4/1/22 11:46, Richard Henderson wrote: > Coverity warns that 14 << data32 may overflow with respect > to the target_ulong to which it is subsequently added. > We know this wasn't true because data32 is in [1,2], > but the suggested fix is perfectly fine. > > Fixes: Coverity CID 1487135, 1487256 > Signed-off-by: Richard Henderson <richard.henderson@linaro.org> > --- > target/i386/tcg/fpu_helper.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c > index ebf5e73df9..30bc44fcf8 100644 > --- a/target/i386/tcg/fpu_helper.c > +++ b/target/i386/tcg/fpu_helper.c > @@ -2466,7 +2466,7 @@ static void do_fsave(CPUX86State *env, target_ulong ptr, int data32, > > do_fstenv(env, ptr, data32, retaddr); > > - ptr += (14 << data32); > + ptr += (target_ulong)14 << data32; > for (i = 0; i < 8; i++) { > tmp = ST(i); > do_fstt(env, tmp, ptr, retaddr); > @@ -2488,7 +2488,7 @@ static void do_frstor(CPUX86State *env, target_ulong ptr, int data32, > int i; > > do_fldenv(env, ptr, data32, retaddr); > - ptr += (14 << data32); > + ptr += (target_ulong)14 << data32; > > for (i = 0; i < 8; i++) { > tmp = do_fldt(env, ptr, retaddr); Queuing to tcg-next. r~
diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c index ebf5e73df9..30bc44fcf8 100644 --- a/target/i386/tcg/fpu_helper.c +++ b/target/i386/tcg/fpu_helper.c @@ -2466,7 +2466,7 @@ static void do_fsave(CPUX86State *env, target_ulong ptr, int data32, do_fstenv(env, ptr, data32, retaddr); - ptr += (14 << data32); + ptr += (target_ulong)14 << data32; for (i = 0; i < 8; i++) { tmp = ST(i); do_fstt(env, tmp, ptr, retaddr); @@ -2488,7 +2488,7 @@ static void do_frstor(CPUX86State *env, target_ulong ptr, int data32, int i; do_fldenv(env, ptr, data32, retaddr); - ptr += (14 << data32); + ptr += (target_ulong)14 << data32; for (i = 0; i < 8; i++) { tmp = do_fldt(env, ptr, retaddr);
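Review bot: in the do_fsave hunk, the new `ptr += (target_ulong)14 << data32;` still depends on data32 being a small non-negative value, and that bound is stated only in the commit message, not in the code. The cast binds before the shift, so the shift is evaluated in target_ulong and the width concern is addressed, but the parameter is a plain `int data32` with nothing in the visible lines constraining it. A short comment or an assertion on data32 next to the shift would put the range the commit message relies on where both the analyzer and the next reader can see it.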
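Review bot: in the do_frstor hunk, `ptr += (target_ulong)14 << data32;` is a second hand-written copy of the cast-and-shift that do_fsave applies after do_fstenv, so the same offset is now computed in two places with an unexplained constant 14. A small named helper or macro taking data32 would keep the two call sites in step and give the constant a name; at minimum, a comment here saying what the offset past do_fldenv represents would help.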
Coverity warns that 14 << data32 may overflow with respect to the target_ulong to which it is subsequently added. We know this wasn't true because data32 is in [1,2], but the suggested fix is perfectly fine.

Fixes: Coverity CID 1487135, 1487256
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

---
 target/i386/tcg/fpu_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)