[vbox-dev] Fwd: Bug report (minor)
Frank Mehnert
Frank.Mehnert at Sun.COM
Mon May 3 05:40:05 PDT 2010
On Saturday 01 May 2010, Frank Mehnert wrote:
> On Saturday 01 May 2010, TwoThe wrote:
> > Type: Bug
> > Severity: minor
> > Component: VirtualBox OSE
> > Host: Ubuntu 64
> >
> > In file src/VBox/Devices/PC/DevAPIC.cpp:
> >
> > 897 case 0x0d:
> > !898 val = apic->log_dest << 24;
> > 899 break;
> >
> > In line 898 "apic->log_dest" with type "unsigned char" (8 bits, unsigned)
> > is promoted in "apic->log_dest << 24" to type "int" (32 bits, signed),
> > then sign-extended to type "unsigned long long" (64 bits, unsigned). If
> > "apic->log_dest << 24" is greater than 0x7FFFFFFF, the upper bits of the
> > result will all be 1.
>
> Confirmed.
>
> > The same happens in the next case:
> > 900 case 0x0e:
> > 901 /* Bottom 28 bits are always 1 */
> > !902 val = (apic->dest_mode << 28) | 0xfffffff;
> > 903 break;
> >
> > In line 902 "apic->dest_mode" with type "unsigned char" (8 bits,
> > unsigned) is promoted in "(apic->dest_mode << 28) | 0xfffffff" to type
> > "int" (32 bits, signed), then sign-extended to type "unsigned long long"
> > (64 bits, unsigned). If "(apic->dest_mode << 28) | 0xfffffff" is greater
> > than 0x7FFFFFFF, the upper bits of the result will all be 1.
> >
> > In both cases the value should be cast to the target value (unsigned long
> > long) first before shifting.
>
> Confirmed.
Fixed both in r28954. This code is currently unused.
Kind regards,
Frank
--
Dr.-Ing. Frank Mehnert
Sitz der Gesellschaft:
Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten
Amtsgericht München: HRB 161028
Geschäftsführer: Jürgen Kunz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://www.virtualbox.org/pipermail/vbox-dev/attachments/20100503/0544198e/attachment-0001.bin
More information about the vbox-dev
mailing list