From: Richard Henderson <richard.hender...@linaro.org>

Coverity rightly notes that ctz32(bas) on 0 will return 32, which makes the len calculation a BAD_SHIFT.
A value of 0 in DBGWCR<n>_EL1.BAS is reserved. Simply move the existing check we have for this case. Reported-by: Coverity (CID 1421964) Signed-off-by: Richard Henderson <richard.hender...@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com> Message-id: 20200320160622.8040-2-richard.hender...@linaro.org Reviewed-by: Peter Maydell <peter.mayd...@linaro.org> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org> --- target/arm/helper.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index d2ec2c53510..b7b6887241d 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6340,17 +6340,18 @@ void hw_watchpoint_update(ARMCPU *cpu, int n) int bas = extract64(wcr, 5, 8); int basstart; - if (bas == 0) { - /* This must act as if the watchpoint is disabled */ - return; - } - if (extract64(wvr, 2, 1)) { /* Deprecated case of an only 4-aligned address. BAS[7:4] are * ignored, and BAS[3:0] define which bytes to watch. */ bas &= 0xf; } + + if (bas == 0) { + /* This must act as if the watchpoint is disabled */ + return; + } + /* The BAS bits are supposed to be programmed to indicate a contiguous * range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether * we fire for each byte in the word/doubleword addressed by the WVR. -- 2.20.1
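Review bot: The comment on the relocated "if (bas == 0)" check in hw_watchpoint_update() still describes only the disabled-watchpoint behaviour, but below the "bas &= 0xf" mask the check now also covers the deprecated 4-aligned case where BAS[7:4] is non-zero and BAS[3:0] is zero. Suggest extending the comment to say that the test must stay after the mask so that the later ctz32(bas) named in the commit message never sees 0, for example "BAS == 0 after masking: must act as if the watchpoint is disabled". Without that, the ordering dependency is invisible in the code and a later cleanup could hoist the early return back above the extract64(wvr, 2, 1) block and reintroduce the bad shift.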