Coverity complains that in functions like pci_set_word_by_mask()
we might end up shifting by more than 31 bits. This is true,
but only if the caller passes in a zero mask. Help Coverity out
by asserting that the mask argument is valid.
Fixes: CID 1487168
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
---
Note that only 1 of these 4 functions is used, and that only
in 2 places in the codebase. In both cases the mask argument
is a compile-time constant.
v1->v2 changes: remove unnecessary masking
---
include/hw/pci/pci.h | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index c79144bc5ef..97937cc9221 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -688,7 +688,10 @@ static inline void
pci_set_byte_by_mask(uint8_t *config, uint8_t mask, uint8_t reg)
{
uint8_t val = pci_get_byte(config);
- uint8_t rval = reg << ctz32(mask);
+ uint8_t rval;
+
+ assert(mask);
+ rval = reg << ctz32(mask);
pci_set_byte(config, (~mask & val) | (mask & rval));
}
@@ -696,7 +699,10 @@ static inline void
pci_set_word_by_mask(uint8_t *config, uint16_t mask, uint16_t reg)
{
uint16_t val = pci_get_word(config);
- uint16_t rval = reg << ctz32(mask);
+ uint16_t rval;
+
+ assert(mask);
+ rval = reg << ctz32(mask);
pci_set_word(config, (~mask & val) | (mask & rval));
}
@@ -704,7 +710,10 @@ static inline void
pci_set_long_by_mask(uint8_t *config, uint32_t mask, uint32_t reg)
{
uint32_t val = pci_get_long(config);
- uint32_t rval = reg << ctz32(mask);
+ uint32_t rval;
+
+ assert(mask);
+ rval = reg << ctz32(mask);
pci_set_long(config, (~mask & val) | (mask & rval));
}
@@ -712,7 +721,10 @@ static inline void
pci_set_quad_by_mask(uint8_t *config, uint64_t mask, uint64_t reg)
{
uint64_t val = pci_get_quad(config);
- uint64_t rval = reg << ctz32(mask);
+ uint64_t rval;
+
+ assert(mask);
+ rval = reg << ctz32(mask);
pci_set_quad(config, (~mask & val) | (mask & rval));
}
--
2.25.1
