| Summary: | Potential shift left overflow in guest_arm_toIR.c | | |
|---|---|---|---|
| Product: | [Developer tools] valgrind | Reporter: | Ivo Raisr <ivosh> |
| Component: | vex | Assignee: | Julian Seward <jseward> |
| Status: | REPORTED --- | | |
| Severity: | minor | CC: | ivosh |
| Priority: | NOR | | |
| Version: | 3.13 SVN | | |
| Target Milestone: | --- | | |
| Platform: | Compiled Sources | | |
| OS: | All | | |
| Latest Commit: | | Version Fixed In: | |
| Attachments: | full analysis | | |

Description
Ivo Raisr
2016-12-21 08:29:50 UTC
It's complaining about this

    assign(scale, unop(Iop_I32UtoF64,
                  mkU32( ((UInt)1) << (frac_bits-1) )));

in the case "VCVT fixed<->floating, VFP"
(cond 1110 1D11 1p1U Vd 101f x1i0 imm4)

From a quick check of the code, it appears that:

    imm4 can be 0 .. 15
    ((imm4 << 1) | bI) can be 0 .. 31
    size can be 16 or 32
    size - ((imm4 << 1) | bI) can be 32 .. 1 (when size = 32)
                               or 16 .. -15 (when size = 16)
    and frac_bits = size - ((imm4 << 1) | bI)

So the complaint seems correct. The subsequent checks

    if (frac_bits >= 1 && frac_bits <= 32 && !to_fixed && !dp_op
                                              && size == 32) {

make it safe, but yes .. it's not good. It would be better to have the frac_bits range check guarding the assignment to |scale|.
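The range argument in the comment above can be checked mechanically. The following is an added example, not code from valgrind or from the report: it enumerates every `imm4`/`bI` encoding for both sizes, counts the ones whose shift count `frac_bits-1` falls outside 0 .. 31, and shows the shift placed behind the range check. The helper names are hypothetical, and `uint32_t` stands in for VEX's `UInt`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* frac_bits as derived in the report: size - ((imm4 << 1) | bI).
   Hypothetical helper; in the decoder these are fields of the insn. */
static int frac_bits_of(int size, unsigned imm4, unsigned bI)
{
    return size - (int)((imm4 << 1) | bI);
}

/* Count encodings for which an unguarded 1 << (frac_bits-1) on a
   32-bit operand would use a shift count outside 0 .. 31. */
static int count_bad_shift_counts(int size)
{
    int bad = 0;
    for (unsigned imm4 = 0; imm4 <= 15; imm4++) {
        for (unsigned bI = 0; bI <= 1; bI++) {
            int count = frac_bits_of(size, imm4, bI) - 1;
            if (count < 0 || count > 31)
                bad++;
        }
    }
    return bad;
}

/* Range check guarding the shift: the shift expression is only
   evaluated once frac_bits is known to be in 1 .. 32. */
static bool scale_for(int frac_bits, uint32_t *scale)
{
    if (frac_bits < 1 || frac_bits > 32)
        return false;
    *scale = (uint32_t)1 << (frac_bits - 1);
    return true;
}

int main(void)
{
    uint32_t s = 0;
    printf("size=32: %d out-of-range shift counts\n", count_bad_shift_counts(32));
    printf("size=16: %d out-of-range shift counts\n", count_bad_shift_counts(16));
    if (scale_for(frac_bits_of(32, 0, 0), &s))
        printf("frac_bits=32 -> scale=0x%08x\n", (unsigned)s);
    if (!scale_for(frac_bits_of(16, 15, 1), &s))
        printf("frac_bits=-15 rejected before shifting\n");
    return 0;
}
```
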