In of_dpa_mask2prefix() we do "(2 << i)" for a loop where i can go up to 31. At i == 31 we shift off the top end of an integer. This doesn't actually calculate the wrong value in practice, because we calculate 0 - 1 which is the 0xffffffff mask we wanted (and for QEMU shifting off the top of a signed integer is not UB); but it makes Coverity complain.
We could fix this simply by using "2ULL" (where the "(2ULL << i) - 1" expression also evaluates to 0xffffffff for i == 31), but in fact this function is a slow looping implementation of counting the number of trailing zeroes in the (network-order) input mask: 0bxxxxxxxxx1 => 32 0bxxxxxxxx10 => 31 0bxxxxxxx100 => 30 ... 0bx100000000 => 2 0b1000000000 => 1 0b0000000000 => 0 Replace the implementation with 32 - ctz32(). Coverity: CID 1547602 Suggested-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected] --- hw/net/rocker/rocker_of_dpa.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/hw/net/rocker/rocker_of_dpa.c b/hw/net/rocker/rocker_of_dpa.c index 4aed1787566..16b9bc7a4b8 100644 --- a/hw/net/rocker/rocker_of_dpa.c +++ b/hw/net/rocker/rocker_of_dpa.c @@ -198,16 +198,7 @@ typedef struct of_dpa_group { static int of_dpa_mask2prefix(uint32_t mask) { - int i; - int count = 32; - - for (i = 0; i < 32; i++) { - if (!(ntohl(mask) & ((2 << i) - 1))) { - count--; - } - } - - return count; + return 32 - ctz32(ntohl(mask)); } #if defined(DEBUG_ROCKER) -- 2.43.0
