From: Sergey Shtylyov > Sent: 16 February 2022 20:19 > > At the end of qtd_fill(), we assign the 'int count' variable to the 'size_t > length' field of 'struct ehci_qtd'. In order not to mix the *signed* and > *unsigned* values let's make that variable and the function's result 'u16' > as qTD's maximum length is a 15-bit quantity anyway... Except that you really don't want to be doing arithmetic on sub-register sized values. On everything except x86 the compiler will have to add instructions to mask the value to 16 bits (unless its logic can detect that overflow can never happen). There is a similar problem with parameters and return values. They need masking one side of the call (or maybe both). > Found by Linux Verification Center (linuxtesting.org) with the SVACE static > analysis tool. Which clearly doesn't understand the implications of its reports. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
