mirror of https://github.com/proxmox/mirror_qemu
0fe4cac5dd
Coverity points out that in page_table_walk_refill() we can shift by a negative number, which is undefined behaviour (CID 1452918, 1452920, 1452922). We already catch the negative directory_shift and leaf_shift as being a "bail out early" case, but not until we've already used them to calculated some offset values. The shifts can be negative only if ptew > 1, so make the bail-out-early check look directly at that, and only calculate the shift amounts and the offsets based on them after we have done that check. This allows us to simplify the expressions used to calculate the shift amounts, use an unsigned type, and avoids the undefined behaviour. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> [PMD: Check for ptew > 1, use unsigned type] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20230717213504.24777-3-philmd@linaro.org> |
||
|---|---|---|
| .. | ||
| sysemu | ||
| tcg | ||
| Kconfig | ||
| cpu-defs.c.inc | ||
| cpu-param.h | ||
| cpu-qom.h | ||
| cpu.c | ||
| cpu.h | ||
| fpu.c | ||
| fpu_helper.h | ||
| gdbstub.c | ||
| helper.h | ||
| internal.h | ||
| kvm.c | ||
| kvm_mips.h | ||
| meson.build | ||
| mips-defs.h | ||
| msa.c | ||