From: Cédric Le Goater <clg@redhat.com>
Date: Fri, 12 Jul 2024 15:13:15 +0000 (+0200)
Subject: aspeed/smc: Fix possible integer overflow
X-Git-Tag: v9.1.0-rc0~23^2~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=13951ccfcdf0f31902a93859506ccf8c0ef66583;p=thirdparty%2Fqemu.git

aspeed/smc: Fix possible integer overflow

Coverity reports a possible integer overflow because routine
aspeeed_smc_hclk_divisor() has a codepath returning 0, which could
lead to an integer overflow when computing variable 'hclk_shift' in
the caller aspeed_smc_dma_calibration().

The value passed to aspeed_smc_hclk_divisor() is always between 0 and
15 and, in this case, there is always a matching hclk divisor. Remove
the return 0 and use g_assert_not_reached() instead.

Fixes: Coverity CID 1547822
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 49205ab76d3..f39fb85a35e 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -789,8 +789,7 @@ static uint8_t aspeed_smc_hclk_divisor(uint8_t hclk_mask)
         }
     }
 
-    aspeed_smc_error("invalid HCLK mask %x", hclk_mask);
-    return 0;
+    g_assert_not_reached();
 }
 
 /*