On 07/06/2011 03:03 PM, Hannes Reinecke wrote:
> uint32_t ldub_phys(target_phys_addr_t addr);
> uint32_t lduw_phys(target_phys_addr_t addr);
>
> Hmm? ldub is supposed to read an 'unsigned byte' (uint8_t),
> and lduw is supposed to read an 'unsigned word' (uint16_t).
> Why does it return an uint32_t?
I don't know if this is the reason, but uint{8,16}_t are promoted to a
signed int. So when you do
(uint64_t) (ldub_phys (addr) << 24)
you'd get a sign extension in bits 32-63. Admittedly a bit contrived,
but it can happen and QEMU is full of such bugs:
    case 4:
        lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
              ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
              ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
              ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
        break;
(found by Coverity).
This was the reason for my series at
http://permalink.gmane.org/gmane.comp.emulators.qemu/105336 (which you
reminded me to ping---thanks!)
Paolo
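The promotion Paolo describes, shown as an added worked example (this is editor-supplied code, not code from the thread or from QEMU). The loaders ldub8/ldub32, the lba32_*/lba64_from_cdb helpers and the two sample buffers are all hypothetical stand-ins: ldub8 models a byte-returning loader whose result is promoted to signed int, ldub32 models the uint32_t-returning ldub_phys, and lba64_from_cdb follows the fully cast pattern of the CDB snippet above. Because shifting a set bit into the sign bit of an int is undefined in ISO C, the "promoted" variant models the negative intermediate by shifting unsigned and converting to int32_t, which yields the same value the promoted expression produces on a two's-complement target.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the four bytes of a big-endian 32-bit LBA whose top
   byte has bit 7 set, which is exactly the case where promotion bites. */
static const uint8_t sample_be32[4] = { 0x80, 0x00, 0x00, 0x01 };

/* Constructed sample: a 16-byte CDB with the LBA in bytes 2..9 (the layout
   the quoted QEMU code parses), again with the top byte >= 0x80. */
static const uint8_t sample_cdb[16] = {
    0x88, 0x00,
    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, /* LBA 0x8000000000000001 */
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00
};

/* Hypothetical loaders standing in for ldub_phys(): one returns the byte as
   uint8_t (promoted to int in arithmetic), the other as uint32_t (stays
   unsigned through the arithmetic, as the real ldub_phys does). */
static uint8_t  ldub8 (const uint8_t *buf, size_t off) { return buf[off]; }
static uint32_t ldub32(const uint8_t *buf, size_t off) { return buf[off]; }

/* Risky assembly: the uint8_t operands are promoted to int before shifting,
   so once the top byte has bit 7 set the 32-bit intermediate is negative and
   the final cast sign-extends it into bits 32-63.  The (int32_t) conversion
   of the unsigned shift is the well-defined model of `ldub8(...) << 24`. */
uint64_t lba32_promoted(const uint8_t *buf)
{
    int32_t top  = (int32_t)((uint32_t)ldub8(buf, 0) << 24);
    int32_t rest = (ldub8(buf, 1) << 16) | (ldub8(buf, 2) << 8) | ldub8(buf, 3);
    return (uint64_t)(top | rest);   /* sign-extended: 0xFFFFFFFF80000001 */
}

/* Correct assembly with a uint8_t loader: widen every operand to uint64_t
   before shifting, as the quoted QEMU code does. */
uint64_t lba32_widened(const uint8_t *buf)
{
    return ((uint64_t)ldub8(buf, 0) << 24) | ((uint64_t)ldub8(buf, 1) << 16) |
           ((uint64_t)ldub8(buf, 2) << 8)  |  (uint64_t)ldub8(buf, 3);
}

/* With a uint32_t-returning loader the shift stays unsigned, so even the
   "cast after shifting" form cannot sign-extend; this is the behaviour a
   uint32_t return type buys you. */
uint64_t lba32_uint32ret(const uint8_t *buf)
{
    return (uint64_t)((ldub32(buf, 0) << 24) | (ldub32(buf, 1) << 16) |
                      (ldub32(buf, 2) << 8)  |  ldub32(buf, 3));
}

/* 64-bit LBA from CDB bytes 2..9, every operand widened first. */
uint64_t lba64_from_cdb(const uint8_t *cdb)
{
    return (uint64_t)cdb[9] | ((uint64_t)cdb[8] << 8) |
           ((uint64_t)cdb[7] << 16) | ((uint64_t)cdb[6] << 24) |
           ((uint64_t)cdb[5] << 32) | ((uint64_t)cdb[4] << 40) |
           ((uint64_t)cdb[3] << 48) | ((uint64_t)cdb[2] << 56);
}

int main(void)
{
    printf("promoted  : 0x%016" PRIx64 "\n", lba32_promoted(sample_be32));
    printf("widened   : 0x%016" PRIx64 "\n", lba32_widened(sample_be32));
    printf("uint32 ret: 0x%016" PRIx64 "\n", lba32_uint32ret(sample_be32));
    printf("cdb lba   : 0x%016" PRIx64 "\n", lba64_from_cdb(sample_cdb));
    return 0;
}
```

The first line of output has bits 32-63 set although the input encodes a 32-bit value; the other three do not. The rule the example illustrates is that the cast to the wide type must be applied to each operand before the shift, not to the result of a shift performed in int.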