Add a cast to avoid potentially shifting into the sign bit of
a signed value, which is undefined behaviour in C.
(Detected with clang's -fsanitize=undefined.)
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
---
Not the only problem clang detects by a long shot. I don't know if
we even want to try to fix the warnings about loads of 32 bit values
from misaligned addresses, but there are some more shift related
warnings that we might as well zap.
hw/sd/pl181.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/sd/pl181.c b/hw/sd/pl181.c
index e08fd04..e5128c4 100644
--- a/hw/sd/pl181.c
+++ b/hw/sd/pl181.c
@@ -175,7 +175,7 @@ static void pl181_send_command(pl181_state *s)
if (rlen < 0)
goto error;
if (s->cmd & PL181_CMD_RESPONSE) {
-#define RWORD(n) ((response[n] << 24) | (response[n + 1] << 16) \
+#define RWORD(n) (((uint32_t)response[n] << 24) | (response[n + 1] << 16) \
| (response[n + 2] << 8) | response[n + 3])
if (rlen == 0 || (rlen == 4 && (s->cmd & PL181_CMD_LONGRESP)))
goto error;
--
1.7.9.5
