From 744a790ec01a30033309e6a2155df4d61061e184 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 2 Nov 2020 16:52:16 +0000 Subject: [PATCH] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use the BIT_ULL() macro to ensure we use 64-bit arithmetic. This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN): CID 1432363 (#1 of 1): Unintentional integer overflow: overflow_before_widen: Potentially overflowing expression 1 << scale with type int (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type hwaddr (64 bits, unsigned). Signed-off-by: Philippe Mathieu-Daudé Acked-by: Eric Auger Message-id: 20201030144617.1535064-1-philmd@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/smmuv3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 2017ba7a5a..22607c3784 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -17,6 +17,7 @@ */ #include "qemu/osdep.h" +#include "qemu/bitops.h" #include "hw/irq.h" #include "hw/sysbus.h" #include "migration/vmstate.h" @@ -864,7 +865,7 @@ static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd) scale = CMD_SCALE(cmd); num = CMD_NUM(cmd); ttl = CMD_TTL(cmd); - num_pages = (num + 1) * (1 << (scale)); + num_pages = (num + 1) * BIT_ULL(scale); } if (type == SMMU_CMD_TLBI_NH_VA) {