[vbox-dev] Fwd: Bug report (minor)
Frank Mehnert
Frank.Mehnert at Sun.COM
Sat May 1 07:13:21 GMT 2010
On Saturday 01 May 2010, TwoThe wrote:
> Type: Bug
> Severity: minor
> Component: VirtualBox OSE
> Host: Ubuntu 64
>
> In file src/VBox/Devices/PC/DevAPIC.cpp:
>
> 897 case 0x0d:
> !898 val = apic->log_dest << 24;
> 899 break;
>
> In line 898 "apic->log_dest" with type "unsigned char" (8 bits, unsigned)
> is promoted in "apic->log_dest << 24" to type "int" (32 bits, signed), then
> sign-extended to type "unsigned long long" (64 bits, unsigned). If
> "apic->log_dest << 24" is greater than 0x7FFFFFFF, the upper bits of the
> result will all be 1.
Confirmed.
> The same happens in the next case:
> 900 case 0x0e:
> 901 /* Bottom 28 bits are always 1 */
> !902 val = (apic->dest_mode << 28) | 0xfffffff;
> 903 break;
>
> In line 902 "apic->dest_mode" with type "unsigned char" (8 bits, unsigned)
> is promoted in "(apic->dest_mode << 28) | 0xfffffff" to type "int" (32
> bits, signed), then sign-extended to type "unsigned long long" (64 bits,
> unsigned). If "(apic->dest_mode << 28) | 0xfffffff" is greater than
> 0x7FFFFFFF, the upper bits of the result will all be 1.
>
> In both cases the value should be cast to the target value (unsigned long
> long) first before shifting.
Confirmed.
Kind regards,
Frank
--
Dr.-Ing. Frank Mehnert
Sitz der Gesellschaft:
Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten
Amtsgericht München: HRB 161028
Geschäftsführer: Jürgen Kunz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20100501/071a59e7/attachment.sig>
More information about the vbox-dev
mailing list