Message ID | 20180515172729.24564-1-peter.maydell@linaro.org |
---|---|
State | Superseded |
Series | memfd: Avoid Coverity warning about integer overflow |
On Tue, May 15, 2018 at 7:27 PM, Peter Maydell <peter.maydell@linaro.org> wrote: > Coverity complains about qemu_memfd_create() (CID 1385858) because > we calculate a bit position htsize which could be up to 63, but > then use it in "1 << htsize" which is a 32-bit integer calculation > and could push the 1 off the top of the value. > > Silence the complaint by using "1ULL"; this isn't a bug in > practice since a hugetlbsize of 4GB is not very plausible. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Thanks Peter for the fix, Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> > --- > util/memfd.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/util/memfd.c b/util/memfd.c > index b3ecbac19e..d248a53c3c 100644 > --- a/util/memfd.c > +++ b/util/memfd.c > @@ -66,7 +66,7 @@ int qemu_memfd_create(const char *name, size_t size, bool hugetlb, > { > int htsize = hugetlbsize ? ctz64(hugetlbsize) : 0; > > - if (htsize && 1 << htsize != hugetlbsize) { > + if (htsize && 1ULL << htsize != hugetlbsize) { > error_setg(errp, "Hugepage size must be a power of 2"); > return -1; > } > -- > 2.17.0 > > -- Marc-André Lureau
Peter Maydell <peter.maydell@linaro.org> writes: > Coverity complains about qemu_memfd_create() (CID 1385858) because > we calculate a bit position htsize which could be up to 63, but > then use it in "1 << htsize" which is a 32-bit integer calculation > and could push the 1 off the top of the value. > > Silence the complaint by using "1ULL"; this isn't a bug in > practice since a hugetlbsize of 4GB is not very plausible. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> > --- > util/memfd.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/util/memfd.c b/util/memfd.c > index b3ecbac19e..d248a53c3c 100644 > --- a/util/memfd.c > +++ b/util/memfd.c > @@ -66,7 +66,7 @@ int qemu_memfd_create(const char *name, size_t size, bool hugetlb, > { > int htsize = hugetlbsize ? ctz64(hugetlbsize) : 0; > > - if (htsize && 1 << htsize != hugetlbsize) { > + if (htsize && 1ULL << htsize != hugetlbsize) { > error_setg(errp, "Hugepage size must be a power of 2"); > return -1; > } -- Alex Bennée
On 15/05/2018 19:27, Peter Maydell wrote: > Coverity complains about qemu_memfd_create() (CID 1385858) because > we calculate a bit position htsize which could be up to 63, but > then use it in "1 << htsize" which is a 32-bit integer calculation > and could push the 1 off the top of the value. > > Silence the complaint by using "1ULL"; this isn't a bug in > practice since a hugetlbsize of 4GB is not very plausible. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > util/memfd.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/util/memfd.c b/util/memfd.c > index b3ecbac19e..d248a53c3c 100644 > --- a/util/memfd.c > +++ b/util/memfd.c > @@ -66,7 +66,7 @@ int qemu_memfd_create(const char *name, size_t size, bool hugetlb, > { > int htsize = hugetlbsize ? ctz64(hugetlbsize) : 0; > > - if (htsize && 1 << htsize != hugetlbsize) { > + if (htsize && 1ULL << htsize != hugetlbsize) { > error_setg(errp, "Hugepage size must be a power of 2"); > return -1; > } > Queued, thanks. Paolo
diff --git a/util/memfd.c b/util/memfd.c index b3ecbac19e..d248a53c3c 100644 --- a/util/memfd.c +++ b/util/memfd.c @@ -66,7 +66,7 @@ int qemu_memfd_create(const char *name, size_t size, bool hugetlb, { int htsize = hugetlbsize ? ctz64(hugetlbsize) : 0; - if (htsize && 1 << htsize != hugetlbsize) { + if (htsize && 1ULL << htsize != hugetlbsize) { error_setg(errp, "Hugepage size must be a power of 2"); return -1; }
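Review bot: The power-of-2 test on the changed `if` line is still skipped whenever ctz64() returns 0, so an odd hugetlbsize such as 3 gives htsize == 0, the `htsize &&` guard short-circuits, and the "Hugepage size must be a power of 2" error is never raised. Testing the value itself, for example `hugetlbsize & (hugetlbsize - 1)`, would catch that case and needs no shift at all. If the shift form stays, parentheses around `1ULL << htsize` would make the precedence against `!=` explicit, and the commit message's 4GB threshold looks one bit high: with a 32-bit int, `1 << 31` (2GB) is already out of range.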
Coverity complains about qemu_memfd_create() (CID 1385858) because we calculate a bit position htsize which could be up to 63, but then use it in "1 << htsize" which is a 32-bit integer calculation and could push the 1 off the top of the value.

Silence the complaint by using "1ULL"; this isn't a bug in practice since a hugetlbsize of 4GB is not very plausible.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 util/memfd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.17.0