From patchwork Mon Jan 9 16:45:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 90535 Delivered-To: patches@linaro.org Received: by 10.140.20.99 with SMTP id 90csp168489qgi; Mon, 9 Jan 2017 08:45:12 -0800 (PST) X-Received: by 10.223.172.168 with SMTP id o37mr353342wrc.21.1483980311980; Mon, 09 Jan 2017 08:45:11 -0800 (PST) Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id l1si8656384wra.261.2017.01.09.08.45.11 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 Jan 2017 08:45:11 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.84_2) (envelope-from ) id 1cQd4I-0001tn-F2; Mon, 09 Jan 2017 16:45:10 +0000 From: Peter Maydell To: qemu-devel@nongnu.org, qemu-trivial@nongnu.org Cc: patches@linaro.org, Paolo Bonzini Subject: [PATCH] hw/display/framebuffer.c: Avoid overflow for framebuffers > 4GB Date: Mon, 9 Jan 2017 16:45:09 +0000 Message-Id: <1483980309-30821-1-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 2.7.4 Coverity points out that calculating src_len by multiplying src_width by rows could overflow. This can only happen in the implausible case of a framebuffer larger than 4GB, but we may as well fix it, placating Coverity. (CID1005515) Signed-off-by: Peter Maydell --- hw/display/framebuffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.7.4 diff --git a/hw/display/framebuffer.c b/hw/display/framebuffer.c index df51358..25aa46c 100644 --- a/hw/display/framebuffer.c +++ b/hw/display/framebuffer.c @@ -78,7 +78,7 @@ void framebuffer_update_display( i = *first_row; *first_row = -1; - src_len = src_width * rows; + src_len = (hwaddr)src_width * rows; mem = mem_section->mr; if (!mem) {