[sdl-qemu] [PATCH] disas/sparc: Fix integer overflow in compare_opcodes()
From: zeff @ 2025-02-18 8:58 UTC (permalink / raw)
To: qemu-devel
Cc: mark.cave-ayland, atar4qemu, peter.maydell, sdl.qemu, e.bykhanova,
sergeevdv, Denis Sergeev
From: Denis Sergeev <zeff@altlinux.org>
Fix an integer overflow issue caused by a left shift operation (1 << i)
on an int literal. For i >= 31, this could lead to undefined behavior by
exceeding the 32-bit range.
To prevent this, explicitly cast the literal to an unsigned long int
(1UL << i), ensuring the shift operation is performed safely.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2618
Reported-by: E. Bykhanova <e.bykhanova@fobos-nt.ru>
Signed-off-by: Denis Sergeev <zeff@altlinux.org>
---
disas/sparc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/disas/sparc.c b/disas/sparc.c
index 5689533ce1..92b9ac754f 100644
--- a/disas/sparc.c
+++ b/disas/sparc.c
@@ -2515,7 +2515,7 @@ compare_opcodes (const void * a, const void * b)
another, it is important to order the opcodes in the right order. */
for (i = 0; i < 32; ++i)
{
- unsigned long int x = 1 << i;
+ unsigned long int x = 1UL << i;
int x0 = (match0 & x) != 0;
int x1 = (match1 & x) != 0;
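Review bot: the real effect of the pre-patch `unsigned long int x = 1 << i;` shows up only at i == 31, where `1 << i` is a signed int shift that overflows; whatever value the compiler produces (INT_MIN with -fwrapv) is sign-extended when converted to `unsigned long int`, so on an LP64 build x holds bits 31 through 63 rather than just bit 31, and `(match0 & x) != 0` would also respond to any bits above 31 in match0 or match1. `1UL << i` makes x exactly one bit, which is the right fix, but the commit message should say that this is the observable difference and whether the match values can ever carry high bits (if they cannot, the change is a cleanup rather than a behaviour fix).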
@@ -2525,7 +2525,7 @@ compare_opcodes (const void * a, const void * b)
for (i = 0; i < 32; ++i)
{
- unsigned long int x = 1 << i;
+ unsigned long int x = 1UL << i;
int x0 = (lose0 & x) != 0;
int x1 = (lose1 & x) != 0;
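Review bot: the commit message says "For i >= 31", but both loops are bounded by `i < 32`, so exactly one iteration (i == 31) is affected; please state that precisely. This hunk is the same loop as the previous one with lose0/lose1 in place of match0/match1, so the same mask value applies to both; if the duplication is ever refactored into a helper, the `1UL` form should be the one that survives.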
--
2.42.4
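The mask arithmetic the commit message describes, written out as an added example (this is not QEMU's code; `old_mask`, `new_mask` and `first_bit_order` are illustrative names, and the two operand masks are constructed values). It assumes an LP64 target (32-bit int, 64-bit unsigned long) such as x86-64 Linux. Rather than perform the overflowing `1 << 31` itself, `old_mask` writes the wrapped value INT_MIN explicitly, which is what the shift yields when the compiler wraps signed overflow, so the model contains no undefined behaviour of its own. It goes one step beyond the patch text by showing the consequence of the sign-extended mask: a stray bit above bit 31 in one operand changes the ordering result with the old mask and is ignored with the new one.

```c
/*
 * Added example, not QEMU code: a model of the mask arithmetic in the
 * ordering loop of compare_opcodes() before and after the patch.
 * Assumes LP64 (sizeof(int) == 4, sizeof(unsigned long) == 8).
 */
#include <limits.h>
#include <stdio.h>

/* Value the pre-patch expression `1 << i` takes once stored in an
 * unsigned long. For i == 31 the signed shift overflows int; a compiler
 * that wraps signed overflow (QEMU builds with -fwrapv) yields INT_MIN,
 * which we write explicitly here instead of performing the overflowing
 * shift. The conversion to unsigned long then sign-extends that value,
 * so bits 31..63 are all set. */
static unsigned long old_mask(int i)
{
    int v = (i == 31) ? INT_MIN : (1 << i);
    return (unsigned long)v;
}

/* Post-patch expression: the literal is already unsigned long, so the
 * result is exactly one bit (0x80000000 for i == 31). */
static unsigned long new_mask(int i)
{
    return 1UL << i;
}

/* Simplified copy of the ordering loop: walk bits 0..31 and report which
 * operand is the first to have a bit set. Negative: m0 first, positive:
 * m1 first, 0: no difference seen within the bits examined. The mask
 * builder is a parameter so both variants can be compared. */
static int first_bit_order(unsigned long m0, unsigned long m1,
                           unsigned long (*mask)(int))
{
    for (int i = 0; i < 32; ++i) {
        unsigned long x = mask(i);
        int x0 = (m0 & x) != 0;
        int x1 = (m1 & x) != 0;
        if (x0 != x1)
            return x1 - x0;
    }
    return 0;
}

int main(void)
{
    /* Constructed operands: identical in bits 0..31, but m1 carries a
     * stray bit 40 that a 32-bit instruction mask should never have. */
    unsigned long m0 = 0x01000000UL;
    unsigned long m1 = 0x01000000UL | (1UL << 40);

    printf("old mask(31) = %#lx\n", old_mask(31)); /* 0xffffffff80000000 */
    printf("new mask(31) = %#lx\n", new_mask(31)); /* 0x80000000 */
    /* With the sign-extended mask the i == 31 iteration sees bit 40 and
     * reports m1 first (1); with the one-bit mask it reports 0. */
    printf("order, old mask: %d\n", first_bit_order(m0, m1, old_mask));
    printf("order, new mask: %d\n", first_bit_order(m0, m1, new_mask));
    return 0;
}
```

Compile with `cc -std=c99 example.c`; no special flags are needed because the model never executes the overflowing shift, it only reproduces its wrapped result.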
Re: [sdl-qemu] [PATCH] disas/sparc: Fix integer overflow in compare_opcodes()
From: Peter Maydell @ 2025-02-18 10:28 UTC (permalink / raw)
To: zeff
Cc: qemu-devel, mark.cave-ayland, atar4qemu, sdl.qemu, e.bykhanova,
sergeevdv
On Tue, 18 Feb 2025 at 09:00, <zeff@altlinux.org> wrote:
>
> From: Denis Sergeev <zeff@altlinux.org>
>
> Fix an integer overflow issue caused by a left shift operation (1 << i)
> on an int literal. For i >= 31, this could lead to undefined behavior by
> exceeding the 32-bit range.
The only case here where i >= 31 is exactly i == 31.
QEMU compiles with -fwrapv, so in our dialect of C
a shift left of signed integer 1 into the sign bit
is *not* undefined behaviour.
thanks
-- PMM