Hello!

On 2/17/22 1:33 AM, David Laight wrote:

>> At the end of qtd_fill(), we assign the 'int count' variable to the 'size_t
>> length' field of 'struct ehci_qtd'. In order not to mix the *signed* and
>> *unsigned* values let's make that variable and the function's result 'u16'
>> as qTD's maximum length is a 15-bit quantity anyway...
>
> Except that you really don't want to be doing arithmetic on sub-register
> sized values.

So using/returning *unsigned int* instead should be fine?

> On everything except x86 the compiler will have to add instructions
> to mask the value to 16 bits (unless its logic can detect that overflow
> can never happen).

Yeah, I've only looked at the code produced by x86 gcc, should have tried e.g. an ARM toolchain as well...

> There is a similar problem with parameters and return values.
> They need masking one side of the call (or maybe both).
>
>> Found by Linux Verification Center (linuxtesting.org) with the SVACE static
>> analysis tool.
>
> Which clearly doesn't understand the implications of its reports.

The reports are most probably correct (SVACE actually complains about assigning an *int* variable to 'size_t' field), it's my interpretation which might be at fault here... :-)

> David

MBR, Sergey