On Tue, 28 Jun 2022 at 16:55, Cédric Le Goater <c...@kaod.org> wrote:
>
> Coverity warns that "ssi_transfer(s->spi, 0U) << 8 * i" might overflow
> because the expression is evaluated using 32-bit arithmetic and then
> used in a context expecting a uint64_t.

Would it make sense to also place a limit on "size"? assert(size < something) > > Fixes: Coverity CID 1487244 > Signed-off-by: Cédric Le Goater <c...@kaod.org> > --- > hw/ssi/aspeed_smc.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c > index d2b1dde604e3..26640539ae64 100644 > --- a/hw/ssi/aspeed_smc.c > +++ b/hw/ssi/aspeed_smc.c > @@ -490,7 +490,7 @@ static uint64_t aspeed_smc_flash_read(void *opaque, > hwaddr addr, unsigned size) > switch (aspeed_smc_flash_mode(fl)) { > case CTRL_USERMODE: > for (i = 0; i < size; i++) { > - ret |= ssi_transfer(s->spi, 0x0) << (8 * i); > + ret |= (uint64_t) ssi_transfer(s->spi, 0x0) << (8 * i); > } > break; > case CTRL_READMODE: > @@ -499,7 +499,7 @@ static uint64_t aspeed_smc_flash_read(void *opaque, > hwaddr addr, unsigned size) > aspeed_smc_flash_setup(fl, addr); > > for (i = 0; i < size; i++) { > - ret |= ssi_transfer(s->spi, 0x0) << (8 * i); > + ret |= (uint64_t) ssi_transfer(s->spi, 0x0) << (8 * i); > } > > aspeed_smc_flash_unselect(fl); > -- > 2.35.3 >
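
Review bot: in the CTRL_USERMODE loop the shift count `8 * i` is still bounded only by `size`, which nothing in this hunk checks. The cast widens the left operand to 64 bits, but once `i` reaches 8 the shift is 64 or more, which is undefined for a uint64_t. Consider an `assert(size <= sizeof(uint64_t))` ahead of the switch, or a comment stating where the access size is already limited.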
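
Review bot: the CTRL_READMODE loop repeats the CTRL_USERMODE loop line for line and needed the identical cast, so the two copies can drift apart on the next fix. Consider moving `for (i = 0; i < size; i++)` with its `ret |= (uint64_t) ssi_transfer(s->spi, 0x0) << (8 * i);` body into a small static helper that both cases call, which would also give a single place for a bound check on `size`.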