hw/net/rocker: Don't overflow in of_dpa_mask2prefix()
In of_dpa_mask2prefix() we do "(2 << i)" for a loop where i can go up
to 31. At i == 31 we shift off the top end of an integer. This
doesn't actually calculate the wrong value in practice, because we
calculate 0 - 1 which is the 0xffffffff mask we wanted (and for QEMU
shifting off the top of a signed integer is not UB); but it makes
Coverity complain.
We could fix this simply by using "2ULL" (where the "(2ULL << i) - 1"
expression also evaluates to 0xffffffff for i == 31), but in fact
this function is a slow looping implementation of counting the number
of trailing zeroes in the (network-order) input mask:
0bxxxxxxxxx1 => 32
0bxxxxxxxx10 => 31
0bxxxxxxx100 => 30
...
0bx100000000 => 2
0b1000000000 => 1
0b0000000000 => 0
Replace the implementation with 32 - ctz32().
Coverity: CID
1547602
Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20251016145407.781978-1-peter.maydell@linaro.org
projects / thirdparty / qemu.git / commit
