From 188df56eab8ed960e407762e31a35fc666355132 Mon Sep 17 00:00:00 2001 From: Roman Penyaev Date: Fri, 29 Nov 2024 11:32:38 +0100 Subject: [PATCH] chardev/char-mux: shift unsigned long to avoid 32-bit overflow MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Allthough the size of MAX_MUX is equal to 4 and likely will never change, this patch changes type of constant to unsigned long to be on the safe side. Also add a static compile check that MAX_MUX never bigger than `sizeof(d->mux_bitset) * BITS_PER_BYTE`. Signed-off-by: Roman Penyaev Reviewed-by: "Marc-André Lureau" Cc: Paolo Bonzini Cc: Peter Maydell Reviewed-by: Clément Mathieu--Drif Cc: qemu-devel@nongnu.org Message-ID: <20241129103239.464061-2-r.peniaev@gmail.com> --- chardev/char-mux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/chardev/char-mux.c b/chardev/char-mux.c index bda5c45e605..9d67b8bd9ab 100644 --- a/chardev/char-mux.c +++ b/chardev/char-mux.c @@ -316,6 +316,8 @@ bool mux_chr_attach_frontend(MuxChardev *d, CharBackend *b, { unsigned int bit; + QEMU_BUILD_BUG_ON(MAX_MUX > (sizeof(d->mux_bitset) * BITS_PER_BYTE)); + bit = find_next_zero_bit(&d->mux_bitset, MAX_MUX, 0); if (bit >= MAX_MUX) { error_setg(errp, @@ -325,7 +327,7 @@ bool mux_chr_attach_frontend(MuxChardev *d, CharBackend *b, return false; } - d->mux_bitset |= (1 << bit); + d->mux_bitset |= (1ul << bit); d->backends[bit] = b; *tag = bit; @@ -341,7 +343,7 @@ bool mux_chr_detach_frontend(MuxChardev *d, unsigned int tag) return false; } - d->mux_bitset &= ~(1 << bit); + d->mux_bitset &= ~(1ul << bit); d->backends[bit] = NULL; return true; -- 2.39.5