qemu-devel


Re: [PATCH 1/2] tcg: avoid integer overflow


From: Peter Maydell
Subject: Re: [PATCH 1/2] tcg: avoid integer overflow
Date: Mon, 16 Mar 2020 14:04:51 +0000

On Mon, 16 Mar 2020 at 13:15, Yifei Jiang <address@hidden> wrote:
>
> This fixes coverity issues 75234842, etc.,:

Where does this issue number come from, by the way?
It's not from the online Coverity Scan we use, which
is the issue ID we usually cite for Coverity stuff.

>     2221    tcg_gen_andi_i64(t, t, dup_const(vece, 1));
> CID 75234842: (OVERFLOW_BEFORE_WIDEN)
>     2222. overflow_before_widen: Potentially overflowing expression "1 << 
> nbit" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, 
> and then used in a context that expects an expression of type "int64_t" (64 
> bits, signed).
>     2222    tcg_gen_muli_i64(t, t, (1 << nbit) - 1);

Again, you need to apply a more critical eye to the Coverity
suggestions. For instance:

> diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c
> index 327d9588e0..3aeb049a46 100644
> --- a/tcg/tcg-op-gvec.c
> +++ b/tcg/tcg-op-gvec.c
> @@ -2219,7 +2219,7 @@ static void gen_absv_mask(TCGv_i64 d, TCGv_i64 b, 
> unsigned vece)
>      /* Create -1 for each negative element.  */
>      tcg_gen_shri_i64(t, b, nbit - 1);
>      tcg_gen_andi_i64(t, t, dup_const(vece, 1));
> -    tcg_gen_muli_i64(t, t, (1 << nbit) - 1);
> +    tcg_gen_muli_i64(t, t, ((int64_t)1 << nbit) - 1);
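
Review bot: The `(int64_t)1 << nbit` cast on the changed `tcg_gen_muli_i64` line only alters the result if `nbit` can reach 31 or more, and nothing in this hunk shows the range of `nbit`. Please state the bound in the commit message, or assert it where `nbit` is computed in `gen_absv_mask`, so a reader can tell whether this fixes a reachable overflow or just quiets the analyzer. If the bound keeps the 32-bit shift in range, say so in the message rather than describing the change as an overflow fix.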

In this function nbit can only be 8 or 16, so this shift
can never overflow.

I haven't checked whether any of the others are valid.

thanks
-- PMM


