From: Peter Maydell <peter.maydell@linaro.org>
To: Hao Wu <wuhaotsh@google.com>
Cc: QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [PULL 18/21] hw/misc: Add a PWM module for NPCM7XX
Date: Mon, 25 Jan 2021 12:04:41 +0000 [thread overview]
Message-ID: <CAFEAcA-khf3Y9STUrR+iuuQmyUDoFg2s+uCzZpV57Hciv82ZfA@mail.gmail.com> (raw)
In-Reply-To: <CAGcCb12vAYYUvKHCdmOf2PzSHfHYz53kqEtT6cwtfXAVuUMvUA@mail.gmail.com>
On Wed, 13 Jan 2021 at 17:13, Hao Wu <wuhaotsh@google.com> wrote:
> On Wed, Jan 13, 2021 at 8:03 AM Peter Maydell <peter.maydell@linaro.org> wrote:
>> Hi; Coverity reports a possibly-overflowing arithmetic operation here
>> (CID 1442342):
>>
>> > +static uint32_t npcm7xx_pwm_calculate_duty(NPCM7xxPWM *p)
>> > +{
>> > + uint64_t duty;
>> > +
>> > + if (p->running) {
>> > + if (p->cnr == 0) {
>> > + duty = 0;
>> > + } else if (p->cmr >= p->cnr) {
>> > + duty = NPCM7XX_PWM_MAX_DUTY;
>> > + } else {
>> > + duty = NPCM7XX_PWM_MAX_DUTY * (p->cmr + 1) / (p->cnr + 1);
>>
>> Here all of p->cmr, p->cnr and NPCM7XX_PWM_MAX_DUTY are 32-bits,
>> so we calculate the whole expression using 32-bit arithmetic
>> before assigning it to a 64-bit variable. This could be
>> fixed using eg a cast of NPCM7XX_PWM_MAX_DUTY to uint64_t.
>>
>> Incidentally, we don't actually do any 64-bit
>> arithmetic calculations on 'duty' and we return
>> a uint32_t from this function, so 'duty' itself could
>> be a uint32_t, I think...
>
> Since NPCM7XX_PWM_MAX_DUTY =1,000,000 and p->cmr can have up to 65535, The overflow is possible. We might want to cast NPCM7XX_PWM_MAX_DUTY to uint64_t or #define NPCM7XX_PWM_MAX_DUTY 1000000ULL
> duty itself could be a uint32_t as you point out. Since p->cmr is less than p->cnr in this line, duty cannot exceed NPCM7XX_PWM_MAX_DUTY, so there's no overflow after this computation.
Hi; were you planning to write a patch for this?
thanks
-- PMM
next prev parent reply other threads:[~2021-01-25 12:07 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-12 16:57 [PULL 00/21] target-arm queue Peter Maydell
2021-01-12 16:57 ` [PULL 01/21] target/arm: ARMv8.4-TTST extension Peter Maydell
2021-01-12 16:57 ` [PULL 02/21] target/arm: enable Small Translation tables in max CPU Peter Maydell
2021-01-12 16:57 ` [PULL 03/21] target/arm: fix typo in cpu.h ID_AA64PFR1 field name Peter Maydell
2021-01-12 16:57 ` [PULL 04/21] target/arm: make ARMCPU.clidr 64-bit Peter Maydell
2021-01-12 16:57 ` [PULL 05/21] target/arm: make ARMCPU.ctr 64-bit Peter Maydell
2021-01-12 16:57 ` [PULL 06/21] target/arm: add descriptions of CLIDR_EL1, CCSIDR_EL1, CTR_EL0 to cpu.h Peter Maydell
2021-01-12 16:57 ` [PULL 07/21] target/arm: add aarch64 ID register fields " Peter Maydell
2021-01-12 16:57 ` [PULL 08/21] target/arm: add aarch32 " Peter Maydell
2021-01-12 16:57 ` [PULL 09/21] ui/cocoa: Update path to docs in build tree Peter Maydell
2021-01-12 16:57 ` [PULL 10/21] docs: Add qemu-storage-daemon(1) manpage to meson.build Peter Maydell
2021-01-12 16:57 ` [PULL 11/21] docs: Build and install all the docs in a single manual Peter Maydell
2022-12-08 6:55 ` Stefan Weil via
2022-12-08 10:39 ` Peter Maydell
2021-01-12 16:57 ` [PULL 12/21] target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns Peter Maydell
2021-01-12 16:57 ` [PULL 13/21] hw/net/lan9118: Fix RX Status FIFO PEEK value Peter Maydell
2021-01-12 16:57 ` [PULL 14/21] hw/net/lan9118: Add symbolic constants for register offsets Peter Maydell
2021-01-12 16:57 ` [PULL 15/21] hw/misc: Add clock converter in NPCM7XX CLK module Peter Maydell
2021-01-12 16:57 ` [PULL 16/21] hw/timer: Refactor NPCM7XX Timer to use CLK clock Peter Maydell
2021-02-04 9:39 ` Philippe Mathieu-Daudé
2021-02-04 22:37 ` Hao Wu
2021-02-10 11:54 ` Philippe Mathieu-Daudé
2021-06-22 12:58 ` Philippe Mathieu-Daudé
2021-07-27 14:19 ` Peter Maydell
2021-07-27 18:07 ` Havard Skinnemoen
2021-01-12 16:57 ` [PULL 17/21] hw/adc: Add an ADC module for NPCM7XX Peter Maydell
2021-01-29 14:41 ` Philippe Mathieu-Daudé
2021-01-29 17:15 ` wuhaotsh--- via
2021-01-29 18:23 ` Philippe Mathieu-Daudé
2021-01-12 16:57 ` [PULL 18/21] hw/misc: Add a PWM " Peter Maydell
2021-01-13 16:02 ` Peter Maydell
2021-01-13 17:13 ` Hao Wu
2021-01-25 12:04 ` Peter Maydell [this message]
2021-01-12 16:57 ` [PULL 19/21] hw/misc: Add QTest for NPCM7XX PWM Module Peter Maydell
2021-01-12 16:57 ` [PULL 20/21] hw/*: Use type casting for SysBusDevice in NPCM7XX Peter Maydell
2021-01-12 16:57 ` [PULL 21/21] ui/cocoa: Fix openFile: deprecation on Big Sur Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFEAcA-khf3Y9STUrR+iuuQmyUDoFg2s+uCzZpV57Hciv82ZfA@mail.gmail.com \
--to=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=wuhaotsh@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).