On Mon, Jan 12, 2026 at 7:05 PM Djordje Todorovic <[email protected]> wrote: > > Cast CM_SIZE to uint64_t before multiplying by the loop counter > to avoid potential integer overflow. > > Resolves: Coverity CID 1644076 > > Signed-off-by: Djordje Todorovic <[email protected]> > --- > hw/riscv/cps.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/riscv/cps.c b/hw/riscv/cps.c > index 86172be5b3..620f54e48a 100644 > --- a/hw/riscv/cps.c > +++ b/hw/riscv/cps.c > @@ -133,7 +133,7 @@ static void riscv_cps_realize(DeviceState *dev, Error > **errp) > sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->gcr), > 0)); > > for (i = 0; i < num_of_clusters; i++) { > - uint64_t cm_base = GLOBAL_CM_BASE + (CM_SIZE * i); > + uint64_t cm_base = GLOBAL_CM_BASE + ((uint64_t)CM_SIZE * i);
You shouldn't need to cast this, instead this should work diff --git a/include/hw/riscv/cps.h b/include/hw/riscv/cps.h index f33fd7ac86..39029bca8f 100644 --- a/include/hw/riscv/cps.h +++ b/include/hw/riscv/cps.h @@ -27,7 +27,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(RISCVCPSState, RISCV_CPS) /* The global CM base for the boston-aia model. */ #define GLOBAL_CM_BASE 0x16100000 /* The CM block is 512 KiB. */ -#define CM_SIZE (1 << 19) +#define CM_SIZE (1ULL << 19) /* * The mhartid bits has cluster at bit 16, core at bit 4, and hart at Alistair > uint32_t hartid_base = i << MHARTID_CLUSTER_SHIFT; > s->aplic = riscv_aplic_create(cm_base + AIA_PLIC_M_OFFSET, > AIA_PLIC_M_SIZE, > -- > 2.34.1
