From 2a23f0f1189666fe453027eca60daf03c561bfd6 Mon Sep 17 00:00:00 2001 From: Helge Deller Date: Fri, 10 Nov 2023 20:27:43 +0100 Subject: [PATCH] target/hppa: Fix possible overflow in TLB size calculation Coverty found that the shift of TARGET_PAGE_SIZE (32-bit type) might overflow. Fix it by casting TARGET_PAGE_SIZE to a 64-bit type before doing the shift (CID 1523902 and CID 1523908). Reported-by: Peter Maydell Signed-off-by: Helge Deller Message-Id: Reviewed-by: Richard Henderson Signed-off-by: Richard Henderson --- target/hppa/mem_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/hppa/mem_helper.c b/target/hppa/mem_helper.c index 858ce6ec7f..a13f200359 100644 --- a/target/hppa/mem_helper.c +++ b/target/hppa/mem_helper.c @@ -450,7 +450,7 @@ static void itlbt_pa20(CPUHPPAState *env, target_ulong r1, int mask_shift; mask_shift = 2 * (r1 & 0xf); - va_size = TARGET_PAGE_SIZE << mask_shift; + va_size = (uint64_t)TARGET_PAGE_SIZE << mask_shift; va_b &= -va_size; va_e = va_b + va_size - 1; @@ -505,7 +505,7 @@ static void ptlb_work(CPUState *cpu, run_on_cpu_data data) */ end = start & 0xf; start &= TARGET_PAGE_MASK; - end = TARGET_PAGE_SIZE << (2 * end); + end = (vaddr)TARGET_PAGE_SIZE << (2 * end); end = start + end - 1; hppa_flush_tlb_range(env, start, end);