hw/display/framebuffer.c: Avoid overflow for framebuffers > 4GB

Coverity points out that calculating src_len by multiplying
src_width by rows could overflow. This can only happen in
the implausible case of a framebuffer larger than 4GB, but
we may as well fix it, placating Coverity. (CID1005515)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/display/framebuffer.c b/hw/display/framebuffer.c
index df51358e7285b6a9d1354354a3b2003f6ebe87e9..25aa46c8c7fe3cf386a8fab28326185698e68407 100644 (file)
--- a/hw/display/framebuffer.c
+++ b/hw/display/framebuffer.c
@@ -78,7 +78,7 @@ void framebuffer_update_display(
 
     i = *first_row;
     *first_row = -1;
-    src_len = src_width * rows;
+    src_len = (hwaddr)src_width * rows;
 
     mem = mem_section->mr;
     if (!mem) {