[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 2/2] hvmloader: cast to 64bit before multiplication in get_module_entry

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Wei Liu <wei.liu2@xxxxxxxxxx>
Date: Fri, 19 Aug 2016 09:06:07 +0100
Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
Delivery-date: Fri, 19 Aug 2016 08:06:27 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Coverity complains:

overflow_before_widen: Potentially overflowing expression
info->nr_modules * 32U with type unsigned int (32 bits, unsigned) is
evaluated using 32-bit arithmetic, and then used in a context that
expects an expression of type uint64_t (64 bits, unsigned).

The overflow is unlikely to happen in reality because we only expect a
few modules.

Fix that by casting the variable to 64bit before multiplication to
placate Coverity.

Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 tools/firmware/hvmloader/hvmloader.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/firmware/hvmloader/hvmloader.c 
b/tools/firmware/hvmloader/hvmloader.c
index 7b32d86..970222c 100644
--- a/tools/firmware/hvmloader/hvmloader.c
+++ b/tools/firmware/hvmloader/hvmloader.c
@@ -272,8 +272,8 @@ const struct hvm_modlist_entry *get_module_entry(
 
     if ( !modlist ||
          info->modlist_paddr > UINTPTR_MAX ||
-         (info->modlist_paddr + info->nr_modules * sizeof(*modlist) - 1)
-            > UINTPTR_MAX )
+         (info->modlist_paddr +
+          (uint64_t)info->nr_modules * sizeof(*modlist) - 1) > UINTPTR_MAX )
         return NULL;
 
     for ( i = 0; i < info->nr_modules; i++ )
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 2/2] hvmloader: cast to 64bit before multiplication in get_module_entry
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH 0/2] hvmloader: fix two issues spotted by Coverity
  - From: Wei Liu

Prev by Date: [Xen-devel] [PATCH 1/2] hvmloader: correctly copy signature to info structures
Next by Date: Re: [Xen-devel] [PATCH 1/2] hvmloader: correctly copy signature to info structures
Previous by thread: Re: [Xen-devel] [PATCH 1/2] hvmloader: correctly copy signature to info structures
Next by thread: Re: [Xen-devel] [PATCH 2/2] hvmloader: cast to 64bit before multiplication in get_module_entry
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.