On 8 July 2012 19:32, Blue Swirl <blauwir...@gmail.com> wrote:
> On Sun, Jul 8, 2012 at 2:04 PM, Peter Maydell <peter.mayd...@linaro.org>
> wrote:
>> On 8 July 2012 13:12, <blauwir...@gmail.com> wrote:
>>> -static inline uint64_t deposit64(uint64_t value, int start, int length,
>>> - uint64_t fieldval)
>>> +static inline uint64_t deposit64(uint64_t value, unsigned int start,
>>> + unsigned int length, uint64_t fieldval)
>>> {
>>> uint64_t mask;
>>> - assert(start >= 0 && length > 0 && length <= 64 - start);
>>> + assert(length > 0 && length <= 64 - start);
>>
>> This breaks the assertion (consider the case of start == UINT_MAX
>> and length == 64).
>
> The original is equally buggy in other cases since there is no bound
> check for the upper limit.
For what upper limit? Overlong length or start should both be caught
by the third condition in the signed case.
-- PMM
