mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

aspeed/smc: Fix potential overflow

Browse Source 
Coverity warns that "ssi_transfer(s->spi, 0U) << 8 * i" might overflow
because the expression is evaluated using 32-bit arithmetic and then
used in a context expecting a uint64_t.

Fixes: Coverity CID 1487244
Message-Id: <20220628165512.1133590-1-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
This commit is contained in:
Cédric Le Goater 2022-06-30 09:21:13 +02:00
parent 0dbf6dc576
commit 75dbf30be8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hw/ssi/aspeed_smc.c
View File

@ -488,7 +488,7 @@ static uint64_t aspeed_smc_flash_read(void *opaque, hwaddr addr, unsigned size)
switch (aspeed_smc_flash_mode(fl)) { switch (aspeed_smc_flash_mode(fl)) {
case CTRL_USERMODE: case CTRL_USERMODE:
for (i = 0; i < size; i++) { for (i = 0; i < size; i++) {
ret |= ssi_transfer(s->spi, 0x0) << (8 * i); ret |= (uint64_t) ssi_transfer(s->spi, 0x0) << (8 * i);
} }
break; break;
case CTRL_READMODE: case CTRL_READMODE:
@ -497,7 +497,7 @@ static uint64_t aspeed_smc_flash_read(void *opaque, hwaddr addr, unsigned size)
aspeed_smc_flash_setup(fl, addr); aspeed_smc_flash_setup(fl, addr);
for (i = 0; i < size; i++) { for (i = 0; i < size; i++) {
ret |= ssi_transfer(s->spi, 0x0) << (8 * i); ret |= (uint64_t) ssi_transfer(s->spi, 0x0) << (8 * i);
} }
aspeed_smc_flash_unselect(fl); aspeed_smc_flash_unselect(fl);