From: Wei Liu <wei.liu2@citrix.com>
Date: Wed, 28 Sep 2016 15:38:19 +0000 (+0100)
Subject: libxc: fix out of range shift in populate_acpi_pages
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~277
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d7c34a18a9fd6c6dccf99eeeeaf14ff352bc4c0d;p=xen.git

libxc: fix out of range shift in populate_acpi_pages

unsigned int is only 4-byte long and "4" is treated as int. The shift
would overflow.

Use unsigned long type, calculate the bits to shift before shifting
instead of shifting twice.

Caught by clang compilation test.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
---

diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c
index 87b450c9bb..5884cdb481 100644
--- a/tools/libxc/xc_dom_core.c
+++ b/tools/libxc/xc_dom_core.c
@@ -1048,7 +1048,7 @@ static int populate_acpi_pages(struct xc_dom_image *dom,
     xc_interface *xch = dom->xch;
     uint32_t domid = dom->guest_domid;
     unsigned long idx;
-    unsigned int first_high_idx = (4 << 30) >> PAGE_SHIFT; /* 4GB */
+    unsigned long first_high_idx = 4UL << (30 - PAGE_SHIFT); /* 4GB */
 
     for ( ; num_pages; num_pages--, extents++ )
     {