
[sdl-qemu] disas/sparc: Fix integer overflow in compare_opcodes()

Message ID 20250218085835.64928-1-zeff@altlinux.org (mailing list archive)
State New
Series [sdl-qemu] disas/sparc: Fix integer overflow in compare_opcodes()

Commit Message

zeff@altlinux.org Feb. 18, 2025, 8:58 a.m. UTC
From: Denis Sergeev <zeff@altlinux.org>

Fix an integer overflow issue caused by a left shift operation (1 << i)
on an int literal. For i >= 31, this could lead to undefined behavior by
exceeding the 32-bit range.

To prevent this, explicitly cast the literal to an unsigned long int
(1UL << i), ensuring the shift operation is performed safely.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2618
Reported-by: E. Bykhanova <e.bykhanova@fobos-nt.ru>
Signed-off-by: Denis Sergeev <zeff@altlinux.org>
---
 disas/sparc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
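As an added illustration (this is not QEMU's code and not part of the patch), the following C shows why a signed `1 << i` is the wrong way to build a mask for an `unsigned long`, and what the patched `1UL << i` form yields instead. The helper names `safe_mask`, `naive_mask_bit31` and `first_differing_bit` are hypothetical; the last one mirrors the loop shape in compare_opcodes(). The undefined shift itself is not executed: the demo starts from INT_MIN, the value `1 << 31` wraps to on the usual two's-complement platforms, and relies only on the well-defined int-to-unsigned-long conversion to show the sign-extension effect.

```c
/* Added illustration of the compare_opcodes() mask bug (not QEMU's code).
 * Helper names are hypothetical. */
#include <limits.h>
#include <stdio.h>

/* The patched form: an unsigned shift, defined for every i in [0, 31]
 * (the caller's loop bound keeps i below the width of unsigned long). */
unsigned long safe_mask(int i)
{
    return 1UL << i;
}

/* What the old `1 << 31` amounts to where it wraps to INT_MIN (the shift is
 * undefined behaviour in C, so it is not performed here; the demo starts from
 * the wrapped value). Converting that negative int to unsigned long is
 * defined (modulo 2^N) and sign-extends it, so on an LP64 host the supposed
 * "bit 31 mask" actually covers bits 31..63. */
unsigned long naive_mask_bit31(void)
{
    int wrapped = INT_MIN;          /* value the signed shift typically produced */
    return (unsigned long)wrapped;  /* 0xFFFFFFFF80000000 on LP64, 0x80000000 on ILP32 */
}

/* Mirrors the loop in compare_opcodes(): lowest bit position at which two
 * words differ, or -1 if they agree on bits 0..31. */
int first_differing_bit(unsigned long match0, unsigned long match1)
{
    for (int i = 0; i < 32; ++i) {
        unsigned long x = safe_mask(i);
        int x0 = (match0 & x) != 0;
        int x1 = (match1 & x) != 0;
        if (x0 != x1)
            return i;
    }
    return -1;
}

int main(void)
{
    printf("safe_mask(31)         = 0x%lx\n", safe_mask(31));
    printf("naive 1<<31 as ulong  = 0x%lx\n", naive_mask_bit31());
    printf("first differing bit   = %d\n",
           first_differing_bit(0x80000000UL, 0UL));
    return 0;
}
```

On a 64-bit `unsigned long` the two masks differ, so with the old code a value whose only set bits were above bit 31 would still register as "bit 31 set" in the comparison; with `1UL << i` only the intended bit is tested.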

Patch

diff --git a/disas/sparc.c b/disas/sparc.c
index 5689533ce1..92b9ac754f 100644
--- a/disas/sparc.c
+++ b/disas/sparc.c
@@ -2515,7 +2515,7 @@  compare_opcodes (const void * a, const void * b)
      another, it is important to order the opcodes in the right order.  */
   for (i = 0; i < 32; ++i)
     {
-      unsigned long int x = 1 << i;
+      unsigned long int x = 1UL << i;
       int x0 = (match0 & x) != 0;
       int x1 = (match1 & x) != 0;
 
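Review bot: the change is correct, but its safety still rests on the `i < 32` bound two lines above, since `1UL << i` is itself undefined once `i` reaches the width of `unsigned long` (32 on ILP32 hosts); a short comment on the new line, e.g. `/* i < 32, so the shift stays within unsigned long */`, would record that invariant next to the code. The `UL` suffix is the right choice over `1U` because it matches the declared type of `x`: with the old `1 << 31` the result wrapped to a negative `int` and was then converted to `unsigned long int`, sign-extending on LP64 hosts, so the bit-31 test `(match0 & x) != 0` effectively examined bits 31 through 63 of `match0` rather than the single bit intended.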
@@ -2525,7 +2525,7 @@  compare_opcodes (const void * a, const void * b)
 
   for (i = 0; i < 32; ++i)
     {
-      unsigned long int x = 1 << i;
+      unsigned long int x = 1UL << i;
       int x0 = (lose0 & x) != 0;
       int x1 = (lose1 & x) != 0;
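Review bot: this hunk is the same fix as the previous one, and the two loops differ only in `lose0`/`lose1` versus `match0`/`match1`; a follow-up could hoist the per-bit test into a small static helper so the mask expression is written once. A nit on the commit message rather than the code: it describes `1UL` as an explicit cast, but it is an integer-constant suffix that makes the literal `unsigned long` before the shift happens, which is exactly why it avoids the signed overflow; calling it a cast suggests a conversion of an already-computed value, which is what the old code did and what caused the problem.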