diff options
author | Cédric Le Goater <clg@kaod.org> | 2022-06-30 09:21:13 +0200 |
---|---|---|
committer | Cédric Le Goater <clg@kaod.org> | 2022-06-30 09:21:13 +0200 |
commit | 75dbf30be85f5163814b61aae87f93898d5fc53d (patch) | |
tree | f82528964b9c80237f3c5163daf28406ecfdca06 /hw/ssi | |
parent | 0dbf6dc5766837c3d398c2d9f1d1695f4782fd77 (diff) |
aspeed/smc: Fix potential overflow
Coverity warns that "ssi_transfer(s->spi, 0U) << 8 * i" might overflow
because the expression is evaluated using 32-bit arithmetic and then
used in a context expecting a uint64_t.
Fixes: Coverity CID 1487244
Message-Id: <20220628165512.1133590-1-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Diffstat (limited to 'hw/ssi')
-rw-r--r-- | hw/ssi/aspeed_smc.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c index 68aa697164..faed7e0cbe 100644 --- a/hw/ssi/aspeed_smc.c +++ b/hw/ssi/aspeed_smc.c @@ -488,7 +488,7 @@ static uint64_t aspeed_smc_flash_read(void *opaque, hwaddr addr, unsigned size) switch (aspeed_smc_flash_mode(fl)) { case CTRL_USERMODE: for (i = 0; i < size; i++) { - ret |= ssi_transfer(s->spi, 0x0) << (8 * i); + ret |= (uint64_t) ssi_transfer(s->spi, 0x0) << (8 * i); } break; case CTRL_READMODE: @@ -497,7 +497,7 @@ static uint64_t aspeed_smc_flash_read(void *opaque, hwaddr addr, unsigned size) aspeed_smc_flash_setup(fl, addr); for (i = 0; i < size; i++) { - ret |= ssi_transfer(s->spi, 0x0) << (8 * i); + ret |= (uint64_t) ssi_transfer(s->spi, 0x0) << (8 * i); } aspeed_smc_flash_unselect(fl); |