The intermediate result of (Y * 10^-R - b) / m can be negative when
the bias (b) is large and the raw register value is small (e.g. zero
on an uninitialized device). Assigning that negative double to uint32_t
is undefined behavior, caught by UBSan/clang.
Use a double intermediate and clamp negative results to zero (suggested
by Daniel Berrangé)
Fixes: 3746d5c15e70 ("hw/i2c: add support for PMBus")
Signed-off-by: Marc-André Lureau <[email protected]>
---
hw/i2c/pmbus_device.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/i2c/pmbus_device.c b/hw/i2c/pmbus_device.c
index 853dc4b4342..b1f9843f52e 100644
--- a/hw/i2c/pmbus_device.c
+++ b/hw/i2c/pmbus_device.c
@@ -23,8 +23,10 @@ uint16_t pmbus_data2direct_mode(PMBusCoefficients c,
uint32_t value)
uint32_t pmbus_direct_mode2data(PMBusCoefficients c, uint16_t value)
{
/* X = (Y * 10^-R - b) / m */
- uint32_t x = (value / pow(10, c.R) - c.b) / c.m;
- return x;
+ double x = (value / pow(10, c.R) - c.b) / c.m;
+ return (x > 0
+ ? (x < G_MAXUINT32 ? (uint32_t)x : G_MAXUINT32)
+ : 0);
}
uint16_t pmbus_data2linear_mode(uint16_t value, int exp)
--
2.54.0
