Hello!
On 2/17/22 1:33 AM, David Laight wrote:
>> At the end of qtd_fill(), we assign the 'int count' variable to the 'size_t
>> length' field of 'struct ehci_qtd'. In order not to mix the *signed* and
>> *unsigned* values let's make that variable and the function's result 'u16'
>> as qTD's maximum length is a 15-bit quantity anyway...
>
> Except that you really don't want to be doing arithmetic on sub-register
> sized values.
So using/returning *unsigned int* instead should be fine?
> On everything except x86 the compiler will have to add instructions
> to mask the value to 16 bits (unless its logic can detect that overflow
> can never happen).
Yeah, I've only looked at the code produced by x86 gcc, should have tried
e.g. an ARM toolchain as well...
> There is a similar problem with parameters and return values.
> They need masking one side of the call (or maybe both).
>
>> Found by Linux Verification Center (linuxtesting.org) with the SVACE static
>> analysis tool.
>
> Which clearly doesn't understand the implications of its reports.
The reports are most probably correct (SVACE actually complains about assigning
an *int* variable to 'size_t' field), it's my interpretation which might be
at fault here... :-)
> David
MBR, Sergey
