qemu/aspeed-smc-Fix-possible-integer-overflow.patch

From 041c319f2f91c85aeb4ed0cefa6afa76773fe960 Mon Sep 17 00:00:00 2001
From: qihao <qihao_yewu@cmss.chinamobile.com>
Date: Thu, 25 Jul 2024 09:57:01 +0800
Subject: [PATCH] aspeed/smc: Fix possible integer overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cheery-pick from 13951ccfcdf0f31902a93859506ccf8c0ef66583

Coverity reports a possible integer overflow because routine
aspeeed_smc_hclk_divisor() has a codepath returning 0, which could
lead to an integer overflow when computing variable 'hclk_shift' in
the caller aspeed_smc_dma_calibration().

The value passed to aspeed_smc_hclk_divisor() is always between 0 and
15 and, in this case, there is always a matching hclk divisor. Remove
the return 0 and use g_assert_not_reached() instead.

Fixes: Coverity CID 1547822
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
---
 hw/ssi/aspeed_smc.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 2a4001b774..8af919a970 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -764,8 +764,7 @@ static uint8_t aspeed_smc_hclk_divisor(uint8_t hclk_mask)
         }
     }
 
-    aspeed_smc_error("invalid HCLK mask %x", hclk_mask);
-    return 0;
+    g_assert_not_reached();
 }
 
 /*
-- 
2.41.0.windows.1
QEMU update to version 8.2.0-17: - cvm : bug fix for undefined reference to 'virtcca_cvm_allowed' while compiling - cvm : bug-fix for incorrect device name check for vhost-user-fs - target/i386: add control bits support for LAM - target/i386: add support for LAM in CPUID enumeration - Add support for the virtcca cvm feature. - target/sparc: use signed denominator in sdiv helper - crypto: Introduce SM4 symmetric cipher algorithm - ppc/vof: Fix unaligned FDT property access - vl: fix "type is NULL" in -vga help - hw/display/bcm2835_fb: fix fb_use_offsets condition - aspeed/smc: Fix possible integer overflow - hw/nvme: fix number of PIDs for FDP RUH update - hw/nvme: fix memory leak in nvme_dsm - hvf: arm: Do not advance PC when raising an exception - physmem: Bail out qemu_ram_block_from_host() for invalid ram addrs Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> 2024-08-21 14:56:27 +08:00			`From 041c319f2f91c85aeb4ed0cefa6afa76773fe960 Mon Sep 17 00:00:00 2001`
			`From: qihao <qihao_yewu@cmss.chinamobile.com>`
			`Date: Thu, 25 Jul 2024 09:57:01 +0800`
			`Subject: [PATCH] aspeed/smc: Fix possible integer overflow`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`cheery-pick from 13951ccfcdf0f31902a93859506ccf8c0ef66583`

			`Coverity reports a possible integer overflow because routine`
			`aspeeed_smc_hclk_divisor() has a codepath returning 0, which could`
			`lead to an integer overflow when computing variable 'hclk_shift' in`
			`the caller aspeed_smc_dma_calibration().`

			`The value passed to aspeed_smc_hclk_divisor() is always between 0 and`
			`15 and, in this case, there is always a matching hclk divisor. Remove`
			`the return 0 and use g_assert_not_reached() instead.`

			`Fixes: Coverity CID 1547822`
			`Suggested-by: Peter Maydell <peter.maydell@linaro.org>`
			`Signed-off-by: Cédric Le Goater <clg@redhat.com>`
			`Reviewed-by: Peter Maydell <peter.maydell@linaro.org>`
			`Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>`
			`---`
			`hw/ssi/aspeed_smc.c \| 3 +--`
			`1 file changed, 1 insertion(+), 2 deletions(-)`

			`diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c`
			`index 2a4001b774..8af919a970 100644`
			`--- a/hw/ssi/aspeed_smc.c`
			`+++ b/hw/ssi/aspeed_smc.c`
			`@@ -764,8 +764,7 @@ static uint8_t aspeed_smc_hclk_divisor(uint8_t hclk_mask)`
			`}`
			`}`

			`- aspeed_smc_error("invalid HCLK mask %x", hclk_mask);`
			`- return 0;`
			`+ g_assert_not_reached();`
			`}`

			`/*`
			`--`
			`2.41.0.windows.1`