On 16/10/25 16:54, Peter Maydell wrote:
In of_dpa_mask2prefix() we do "(2 << i)" for a loop where i can go up
to 31. At i == 31 we shift off the top end of an integer. This
doesn't actually calculate the wrong value in practice, because we
calculate 0 - 1 which is the 0xffffffff mask we wanted (and for QEMU
shifting off the top of a signed integer is not UB); but it makes
Coverity complain.
We could fix this simply by using "2ULL" (where the "(2ULL << i) - 1"
expression also evaluates to 0xffffffff for i == 31), but in fact
this function is a slow looping implementation of counting the number
of trailing zeroes in the (network-order) input mask:
0bxxxxxxxxx1 => 32
0bxxxxxxxx10 => 31
0bxxxxxxx100 => 30
...
0bx100000000 => 2
0b1000000000 => 1
0b0000000000 => 0
Replace the implementation with 32 - ctz32().
Coverity: CID 1547602
Suggested-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
---
I submitted the "2ULL" version of the patch back in July;
Philippe suggested this improvement but I never got round to
going back and checking it gave the same answers and resending.
---
hw/net/rocker/rocker_of_dpa.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Thanks!
