From patchwork Fri Mar 3 15:50:32 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 94853 Delivered-To: patches@linaro.org Received: by 10.182.3.34 with SMTP id 2csp274257obz; Fri, 3 Mar 2017 07:50:39 -0800 (PST) X-Received: by 10.99.105.66 with SMTP id e63mr4258628pgc.104.1488556239503; Fri, 03 Mar 2017 07:50:39 -0800 (PST) Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id z17si10980517pgf.39.2017.03.03.07.50.38 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 Mar 2017 07:50:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.84_2) (envelope-from ) id 1cjpTY-0006Dw-TL; Fri, 03 Mar 2017 15:50:36 +0000 From: Peter Maydell To: qemu-devel@nongnu.org Cc: patches@linaro.org, "Edgar E. Iglesias" , Richard Henderson , Paolo Bonzini , Eduardo Habkost , Laurent Vivier Subject: [PATCH for-2.9 5/6] disas/cris: Avoid unintended sign extension Date: Fri, 3 Mar 2017 15:50:32 +0000 Message-Id: <1488556233-31246-6-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> References: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> In the cris disassembler we were using 'unsigned long' to calculate addresses which are supposed to be 32 bits. This meant that we might accidentally sign extend or calculate a value that was outside the 32 bit range of the guest CPU. Use 'uint32_t' instead so we give the right answers on 64-bit hosts. (Spotted by Coverity, CID 1005402, 1005403.) Signed-off-by: Peter Maydell --- disas/cris.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.7.4 Reviewed-by: Edgar E. Iglesias Reviewed-by: Philippe Mathieu-Daudé diff --git a/disas/cris.c b/disas/cris.c index 8a1daf9..30217f1 100644 --- a/disas/cris.c +++ b/disas/cris.c @@ -2009,7 +2009,7 @@ print_with_operands (const struct cris_opcode *opcodep, case 'n': { /* Like N but pc-relative to the start of the insn. */ - unsigned long number + uint32_t number = (buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 0x1000000 + addr); @@ -2201,7 +2201,7 @@ print_with_operands (const struct cris_opcode *opcodep, { /* It's [pc+]. This cannot possibly be anything but an address. */ - unsigned long number + uint32_t number = prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 0x1000000;