From: Denis Rastyogin Date: Fri, 24 Jan 2025 12:26:32 +0000 (+0300) Subject: target/mips: Fix possible MSA int overflow X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=96adf9b404e51b9acdf9592595ad935905de1f4e;p=qemu.git target/mips: Fix possible MSA int overflow Fix possible overflow in 1 << (DF_BITS(df) - 2) when DF_BITS(df) is 64 by using a 64-bit integer for the shift operation. Found by Linux Verification Center (linuxtesting.org) with SVACE. Reported-by: Dmitriy Fedin Signed-off-by: Denis Rastyogin Reviewed-by: Peter Maydell Message-ID: <20250124122707.54264-1-gerben@altlinux.org> Signed-off-by: Philippe Mathieu-Daudé --- diff --git a/target/mips/tcg/msa_helper.c b/target/mips/tcg/msa_helper.c index ec38d9fde5..74fb80cc25 100644 --- a/target/mips/tcg/msa_helper.c +++ b/target/mips/tcg/msa_helper.c @@ -5577,7 +5577,7 @@ static inline int64_t msa_mulr_q_df(uint32_t df, int64_t arg1, int64_t arg2) { int64_t q_min = DF_MIN_INT(df); int64_t q_max = DF_MAX_INT(df); - int64_t r_bit = 1 << (DF_BITS(df) - 2); + int64_t r_bit = 1LL << (DF_BITS(df) - 2); if (arg1 == q_min && arg2 == q_min) { return q_max; @@ -5685,7 +5685,7 @@ static inline int64_t msa_maddr_q_df(uint32_t df, int64_t dest, int64_t arg1, int64_t q_max = DF_MAX_INT(df); int64_t q_min = DF_MIN_INT(df); - int64_t r_bit = 1 << (DF_BITS(df) - 2); + int64_t r_bit = 1LL << (DF_BITS(df) - 2); q_prod = arg1 * arg2; q_ret = ((dest << (DF_BITS(df) - 1)) + q_prod + r_bit) >> (DF_BITS(df) - 1); @@ -5700,7 +5700,7 @@ static inline int64_t msa_msubr_q_df(uint32_t df, int64_t dest, int64_t arg1, int64_t q_max = DF_MAX_INT(df); int64_t q_min = DF_MIN_INT(df); - int64_t r_bit = 1 << (DF_BITS(df) - 2); + int64_t r_bit = 1LL << (DF_BITS(df) - 2); q_prod = arg1 * arg2; q_ret = ((dest << (DF_BITS(df) - 1)) - q_prod + r_bit) >> (DF_BITS(df) - 1);