From: Peter Maydell Date: Fri, 15 Jun 2018 13:57:14 +0000 (+0100) Subject: exec.c: Don't accidentally sign-extend 4-byte loads in subpage_read() X-Git-Tag: qemu-xen-4.12.0-rc1~163^2~26 X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=22672c6075a16d1998e37686f02ed4bd2fb30f78;p=qemu-xen.git exec.c: Don't accidentally sign-extend 4-byte loads in subpage_read() In subpage_read() we perform a load of the data into a local buffer which we then access using ldub_p(), lduw_p(), ldl_p() or ldq_p() depending on its size, storing the result into the uint64_t *data. Since ldl_p() returns an 'int', this means that for the 4-byte case we will sign-extend the data, whereas for 1 and 2 byte reads we zero-extend it. This ought not to matter since the caller will likely ignore values in the high bytes of the data, but add a cast so that we're consistent. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20180611171007.4165-3-peter.maydell@linaro.org --- diff --git a/exec.c b/exec.c index 9cbba6adcd..90b47cde7b 100644 --- a/exec.c +++ b/exec.c @@ -2747,7 +2747,7 @@ static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data, *data = lduw_p(buf); return MEMTX_OK; case 4: - *data = ldl_p(buf); + *data = (uint32_t)ldl_p(buf); return MEMTX_OK; case 8: *data = ldq_p(buf);
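Review bot: The cast in the `case 4:` arm, `*data = (uint32_t)ldl_p(buf);`, has no comment, and read on its own it looks redundant, so a later cleanup could remove it and reintroduce sign extension into the upper 32 bits of `*data`. A one-line comment at that line, saying that ldl_p() returns int and that the cast forces zero extension to match the 1- and 2-byte arms, would keep the reasoning next to the code instead of only in the commit message. The fix is also applied at this one call site and not in ldl_p() itself, so it is worth checking whether other places assign an ldl_p() result to a 64-bit value. The commit message relies on the caller "likely" ignoring the high bytes, and any caller that does use the full uint64_t would have seen 0xffffffff in the top half for every 4-byte value with bit 31 set.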