On Mon, Nov 4, 2024 at 10:41 PM Daniel Henrique Barboza
<dbarb...@ventanamicro.com> wrote:
>
> Coverity reports an unsigned overflow when doing:
>
> for (; depth-- > 0; ) {
>
> When depth = 0 inside riscv_iommu_ctx_fetch().
>
> Building it with a recent GCC the code doesn't actually break with depth
> = 0, i.e. the comparison "0-- > 0" will exit the loop instead of
> proceeding, but 'depth' will retain the overflow value afterwards.
>
> This behavior can be compiler dependent, so change 'depth' to int to
> remove this potential ambiguity.
>
> Resolves: Coverity CID 1564783
> Fixes: 0c54acb8243 ("hw/riscv: add RISC-V IOMMU base emulation")
> Signed-off-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Alistair
> ---
> hw/riscv/riscv-iommu.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/riscv/riscv-iommu.c b/hw/riscv/riscv-iommu.c
> index feb650549a..05341ad20b 100644
> --- a/hw/riscv/riscv-iommu.c
> +++ b/hw/riscv/riscv-iommu.c
> @@ -846,7 +846,7 @@ static int riscv_iommu_ctx_fetch(RISCVIOMMUState *s,
> RISCVIOMMUContext *ctx)
> /* Device Context format: 0: extended (64 bytes) | 1: base (32 bytes) */
> const int dc_fmt = !s->enable_msi;
> const size_t dc_len = sizeof(dc) >> dc_fmt;
> - unsigned depth;
> + int depth;
> uint64_t de;
>
> switch (mode) {
> --
> 2.45.2
>
>
