On Saturday 01 May 2010, Frank Mehnert wrote:
> On Saturday 01 May 2010, TwoThe wrote:
> > Type: Bug
> > Severity: minor
> > Component: VirtualBox OSE
> > Host: Ubuntu 64
> >
> > In file src/VBox/Devices/PC/DevAPIC.cpp:
> >
> > 897         case 0x0d:
> > !898            val = apic->log_dest << 24;
> > 899             break;
> >
> > In line 898 "apic->log_dest" with type "unsigned char" (8 bits, unsigned)
> > is promoted in "apic->log_dest << 24" to type "int" (32 bits, signed),
> > then sign-extended to type "unsigned long long" (64 bits, unsigned). If
> > "apic->log_dest << 24" is greater than 0x7FFFFFFF, the upper bits of the
> > result will all be 1.
>
> Confirmed.
>
> > The same happens in the next case:
> > 900         case 0x0e:
> > 901             /* Bottom 28 bits are always 1 */
> > !902            val = (apic->dest_mode << 28) | 0xfffffff;
> > 903             break;
> >
> > In line 902 "apic->dest_mode" with type "unsigned char" (8 bits,
> > unsigned) is promoted in "(apic->dest_mode << 28) | 0xfffffff" to type
> > "int" (32 bits, signed), then sign-extended to type "unsigned long long"
> > (64 bits, unsigned). If "(apic->dest_mode << 28) | 0xfffffff" is greater
> > than 0x7FFFFFFF, the upper bits of the result will all be 1.
> >
> > In both cases the value should be cast to the target value (unsigned long
> > long) first before shifting.
>
> Confirmed.

Fixed both in r28954. This code is currently unused.

Kind regards,

Frank
-- 
Dr.-Ing. Frank Mehnert

Registered office: Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten
District Court Munich: HRB 161028
Managing Director: Jürgen Kunz
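
The promotion and sign extension described in the report, as an added C example that is not VirtualBox code and not part of the original thread. `struct apic_regs`, the function names and the sample register values are constructed for illustration; the widened variants use the cast-before-shift form the report suggests, since the thread does not show what r28954 changed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the two 8-bit fields named in the report. */
struct apic_regs { uint8_t log_dest; uint8_t dest_mode; };

/* Value a 32-bit int with bit pattern w has after conversion to a 64-bit
 * unsigned type: a set bit 31 means negative, so bits 32..63 become 1. */
static uint64_t int_to_u64(uint32_t w)
{
    return (w & 0x80000000u) ? (0xFFFFFFFF00000000ull | w) : (uint64_t)w;
}

/* Models "val = apic->log_dest << 24". Shifting into the sign bit of an int
 * is undefined in C, so the shift is done unsigned and then sign-extended. */
static uint64_t ldr_reported(const struct apic_regs *a)
{
    return int_to_u64((uint32_t)a->log_dest << 24);
}

/* Models "val = (apic->dest_mode << 28) | 0xfffffff" the same way. */
static uint64_t dfr_reported(const struct apic_regs *a)
{
    return int_to_u64(((uint32_t)a->dest_mode << 28) | 0xfffffffu);
}

/* Cast to the 64-bit target type before shifting, as the report suggests. */
static uint64_t ldr_widened(const struct apic_regs *a)
{
    return (uint64_t)a->log_dest << 24;
}
static uint64_t dfr_widened(const struct apic_regs *a)
{
    return ((uint64_t)a->dest_mode << 28) | 0xfffffffu;
}

int main(void)
{
    /* Constructed register values on either side of the 0x7FFFFFFF boundary. */
    const struct apic_regs s[] = { {0x7f, 0x07}, {0x80, 0x08}, {0xff, 0x0f} };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        printf("log_dest=0x%02x  reported=%016llx widened=%016llx\n", (unsigned)s[i].log_dest,
               (unsigned long long)ldr_reported(&s[i]), (unsigned long long)ldr_widened(&s[i]));
        printf("dest_mode=0x%02x reported=%016llx widened=%016llx\n", (unsigned)s[i].dest_mode,
               (unsigned long long)dfr_reported(&s[i]), (unsigned long long)dfr_widened(&s[i]));
    }
    return 0;
}
```

Building the original expression with `-Wsign-conversion` (GCC or Clang) flags the implicit int to unsigned 64-bit conversion at the assignment.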
