Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-17 01:54:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(gicv3/multichip): fix overflow caused by left shift

Browse source 
When spi_id_max is 5119, the expression `(spi_id_max - 4096U + 1U >> 5)`
evaluates to 32 leading to undefined behavior when using it to left
shift 1. Fix this undefined behavior.

Reported-by coverity scan:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/RMB4U7COL6IONZWEGF2FWXOQ6FPDIT4U/

```
    large_shift: In expression 1 << (spi_id_max - 4096U + 1U >> 5), left
    shifting by more than 31 bits has undefined behavior. The shift
    amount, spi_id_max - 4096U + 1U >> 5, is as much as 32.
```

Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I5e77a78b81a6d0367875e7ea432a82b6ba0e587c
This commit is contained in:
Vijayenthiran Subramaniam 2022-09-29 15:33:50 +05:30
parent 402d2316c8
commit 6aea7624a0
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
drivers/arm/gic/v3/gic600_multichip_private.h
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, ARM Limited. All rights reserved.
* Copyright (c) 2019-2022, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -74,7 +74,8 @@
* Multichip data assertion macros
*/
/* Set bits from 0 to ((spi_id_max + 1) / 32) */
#define SPI_BLOCKS_TILL_MAX(spi_id_max) ((1 << (((spi_id_max) + 1) >> 5)) - 1)
#define SPI_BLOCKS_TILL_MAX(spi_id_max) \
((1ULL << (((spi_id_max) + 1) >> 5)) - 1)
/* Set bits from 0 to (spi_id_min / 32) */
#define SPI_BLOCKS_TILL_MIN(spi_id_min) ((1 << ((spi_id_min) >> 5)) - 1)
/* Set bits from (spi_id_min / 32) to ((spi_id_max + 1) / 32) */