Dev news

Commit c5d36da7ec for qemu.org

commit c5d36da7ec62e4c72a72a437057fb6072cf0d6ab
Author: Dmitry Frolov <frolov@swemel.ru>
Date:   Tue Nov 19 13:02:05 2024 +0000

    hw/timer/exynos4210_mct: fix possible int overflow

    The product "icnto * s->tcntb" may overflow uint32_t.

    Found by Linux Verification Center (linuxtesting.org) with SVACE.

    Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
    Message-id: 20241106083801.219578-2-frolov@swemel.ru
    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
index e807fe2de9..5c6e139b20 100644
--- a/hw/timer/exynos4210_mct.c
+++ b/hw/timer/exynos4210_mct.c
@@ -815,7 +815,7 @@ static uint32_t exynos4210_ltick_cnt_get_cnto(struct tick_timer *s)
         /* Both are counting */
         icnto = remain / s->tcntb;
         if (icnto) {
-            tcnto = remain % (icnto * s->tcntb);
+            tcnto = remain % ((uint64_t)icnto * s->tcntb);
         } else {
             tcnto = remain % s->tcntb;
         }