[vbox-dev] Fwd: Bug report (minor)
TwoThe
twothe at web.de
Fri Apr 30 15:24:04 PDT 2010
Type: Bug
Severity: minor
Component: VirtualBox OSE
Host: Ubuntu 64
In file src/VBox/Devices/PC/DevAPIC.cpp:
897 case 0x0d:
!898 val = apic->log_dest << 24;
899 break;
In line 898 "apic->log_dest" with type "unsigned char" (8 bits, unsigned) is promoted in "apic->log_dest << 24" to type "int" (32 bits, signed), then sign-extended to type "unsigned long long" (64 bits, unsigned). If "apic->log_dest << 24" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
The same happens in the next case:
900 case 0x0e:
901 /* Bottom 28 bits are always 1 */
!902 val = (apic->dest_mode << 28) | 0xfffffff;
903 break;
In line 902 "apic->dest_mode" with type "unsigned char" (8 bits, unsigned) is promoted in "(apic->dest_mode << 28) | 0xfffffff" to type "int" (32 bits, signed), then sign-extended to type "unsigned long long" (64 bits, unsigned). If "(apic->dest_mode << 28) | 0xfffffff" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
In both cases the value should be cast to the target value (unsigned long long) first before shifting.
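A stand-alone C reproduction of the promotion chain the report describes, added here as an example and not part of the report or of the VirtualBox sources; the function names are my own, and the two struct fields are replaced by plain uint8_t parameters so the reader can run it with any value:

```c
#include <stdint.h>
#include <stdio.h>

/* What the reported code computes for register 0x0d: the uint8_t operand is
 * promoted to int, shifted left by 24, and the resulting (possibly negative)
 * int is widened to 64 bits with sign extension. Shifting a 1 into the sign
 * bit of an int is formally undefined in C; on gcc/clang the two's-complement
 * result is what this models by shifting as unsigned and converting to
 * int32_t, which is the same bit pattern the original expression yields. */
static uint64_t read_log_dest_buggy(uint8_t log_dest)
{
    int32_t promoted = (int32_t)((uint32_t)log_dest << 24);
    uint64_t val = promoted;   /* sign-extends whenever bit 31 is set */
    return val;
}

/* Same chain for register 0x0e: (dest_mode << 28) | 0xfffffff as int. */
static uint64_t read_dest_mode_buggy(uint8_t dest_mode)
{
    int32_t promoted = (int32_t)(((uint32_t)dest_mode << 28) | 0xfffffff);
    uint64_t val = promoted;
    return val;
}

/* The fix the report asks for: widen to the target type first, so the shift
 * happens in uint64_t and no intermediate signed value exists. */
static uint64_t read_log_dest_fixed(uint8_t log_dest)
{
    return (uint64_t)log_dest << 24;
}

static uint64_t read_dest_mode_fixed(uint8_t dest_mode)
{
    return ((uint64_t)dest_mode << 28) | 0xfffffff;
}

int main(void)
{
    /* Constructed inputs: any log_dest >= 0x80 or dest_mode >= 0x8 sets bit 31. */
    printf("log_dest=0x80  buggy %016llx  fixed %016llx\n",
           (unsigned long long)read_log_dest_buggy(0x80),
           (unsigned long long)read_log_dest_fixed(0x80));
    printf("dest_mode=0xf  buggy %016llx  fixed %016llx\n",
           (unsigned long long)read_dest_mode_buggy(0xf),
           (unsigned long long)read_dest_mode_fixed(0xf));
    return 0;
}
```

Values below 0x80 (or dest_mode below 0x8) never set bit 31, so both variants agree there; the upper 32 bits diverge only once the promoted int goes negative.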