From 1cb169b27a7e78176de2101ce7c0a577945c8dec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Sat, 19 Sep 2020 15:24:35 +0200 Subject: hw/ssi/npcm7xx_fiu: Fix handling of unsigned integer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix integer handling issues handling issue reported by Coverity: hw/ssi/npcm7xx_fiu.c: 162 in npcm7xx_fiu_flash_read() >>> CID 1432730: Integer handling issues (NEGATIVE_RETURNS) >>> "npcm7xx_fiu_cs_index(fiu, f)" is passed to a parameter that cannot be negative. 162 npcm7xx_fiu_select(fiu, npcm7xx_fiu_cs_index(fiu, f)); hw/ssi/npcm7xx_fiu.c: 221 in npcm7xx_fiu_flash_write() 218 cs_id = npcm7xx_fiu_cs_index(fiu, f); 219 trace_npcm7xx_fiu_flash_write(DEVICE(fiu)->canonical_path, cs_id, addr, 220 size, v); >>> CID 1432729: Integer handling issues (NEGATIVE_RETURNS) >>> "cs_id" is passed to a parameter that cannot be negative. 221 npcm7xx_fiu_select(fiu, cs_id); Since the index of the flash can not be negative, return an unsigned type. Reported-by: Coverity (CID 1432729 & 1432730: NEGATIVE_RETURNS) Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Havard Skinnemoen Message-id: 20200919132435.310527-1-f4bug@amsat.org Signed-off-by: Peter Maydell --- hw/ssi/npcm7xx_fiu.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'hw/ssi/npcm7xx_fiu.c') diff --git a/hw/ssi/npcm7xx_fiu.c b/hw/ssi/npcm7xx_fiu.c index 104e8f2b96..5040132b07 100644 --- a/hw/ssi/npcm7xx_fiu.c +++ b/hw/ssi/npcm7xx_fiu.c @@ -103,7 +103,8 @@ enum NPCM7xxFIURegister { * Returns the index of flash in the fiu->flash array. This corresponds to the * chip select ID of the flash. */ -static int npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu, NPCM7xxFIUFlash *flash) +static unsigned npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu, + NPCM7xxFIUFlash *flash) { int index = flash - fiu->flash; @@ -113,20 +114,19 @@ static int npcm7xx_fiu_cs_index(NPCM7xxFIUState *fiu, NPCM7xxFIUFlash *flash) } /* Assert the chip select specified in the UMA Control/Status Register. */ -static void npcm7xx_fiu_select(NPCM7xxFIUState *s, int cs_id) +static void npcm7xx_fiu_select(NPCM7xxFIUState *s, unsigned cs_id) { trace_npcm7xx_fiu_select(DEVICE(s)->canonical_path, cs_id); if (cs_id < s->cs_count) { qemu_irq_lower(s->cs_lines[cs_id]); + s->active_cs = cs_id; } else { qemu_log_mask(LOG_GUEST_ERROR, "%s: UMA to CS%d; this module has only %d chip selects", DEVICE(s)->canonical_path, cs_id, s->cs_count); - cs_id = -1; + s->active_cs = -1; } - - s->active_cs = cs_id; } /* Deassert the currently active chip select. */ @@ -206,7 +206,7 @@ static void npcm7xx_fiu_flash_write(void *opaque, hwaddr addr, uint64_t v, NPCM7xxFIUFlash *f = opaque; NPCM7xxFIUState *fiu = f->fiu; uint32_t dwr_cfg; - int cs_id; + unsigned cs_id; int i; if (fiu->active_cs != -1) { -- cgit v1.2.3