From patchwork Fri Mar 3 15:50:30 2017 X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 94851
From: Peter Maydell To: qemu-devel@nongnu.org Cc: patches@linaro.org, "Edgar E. Iglesias" , Richard Henderson , Paolo Bonzini , Eduardo Habkost , Laurent Vivier Subject: [PATCH for-2.9 3/6] disas/m68k: Avoid unintended sign extension in get_field() Date: Fri, 3 Mar 2017 15:50:30 +0000 Message-Id: <1488556233-31246-4-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> References: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> In get_field(), we take an 'unsigned char' value and shift it left, which implicitly promotes it to 'signed int', before ORing it into an 'unsigned long' type. If 'unsigned long' is 64 bits then this will result in a sign extension and the top 32 bits of the result will be 1s. Add explicit casts to unsigned long before shifting to prevent this. (Spotted by Coverity, CID 715697.) Signed-off-by: Peter Maydell --- disas/m68k.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -- 2.7.4 Reviewed-by: Laurent Vivier diff --git a/disas/m68k.c b/disas/m68k.c index 073abb9..61b689e 100644 --- a/disas/m68k.c +++ b/disas/m68k.c @@ -4685,10 +4685,11 @@ get_field (const unsigned char *data, enum floatformat_byteorders order, /* This is the last byte; zero out the bits which are not part of this field. */ result |= - (*(data + cur_byte) & ((1 << (len - cur_bitshift)) - 1)) + (unsigned long)(*(data + cur_byte) + & ((1 << (len - cur_bitshift)) - 1)) << cur_bitshift; else - result |= *(data + cur_byte) << cur_bitshift; + result |= (unsigned long)*(data + cur_byte) << cur_bitshift; cur_bitshift += FLOATFORMAT_CHAR_BIT; if (order == floatformat_little) ++cur_byte;
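Review bot: in the last-byte branch the mask is still built with int arithmetic, '(1 << (len - cur_bitshift)) - 1', and only the masked byte is cast to unsigned long afterwards. That is fine while len - cur_bitshift stays below the width of int, which the "last byte" comment implies, but writing the constant as '1UL' would keep the whole expression in one type and match the intent of the new casts. The cast in that branch also applies to a parenthesised '&' expression split over two lines before '<< cur_bitshift'; assigning the masked byte to a short unsigned long local first would make the precedence obvious and keep the two branches looking alike.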