macio: fix overflow in lba to offset conversion for ATAPI devices

As the IDEState lba field is an int32_t, make sure we cast to int64_t before shifting to calculate the offset. Otherwise we end up with an overflow when trying to access sectors beyond 2GB as can occur when using DVD images. [Maintainer edit: fixed extraneous parentheses. --js] Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: John Snow <jsnow@redhat.com> Message-id: 1451928613-29476-1-git-send-email-mark.cave-ayland@ilande.co.uk Signed-off-by: John Snow <jsnow@redhat.com>
author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> 2016-01-11 14:10:42 -0500
committer: Timothy Pearson <tpearson@raptorengineering.com> 2019-11-29 19:28:23 -0600
commit: 182d517797c9f210c9b00c94e326637583427949 (patch)
tree: d78db3501a2434904cd36c7f14f4eec65fdc663d /hw/ide
parent: 12ccf0f49c7cee40079406db71bc18a26e4e9014 (diff)
download: hqemu-182d517797c9f210c9b00c94e326637583427949.zip
hqemu-182d517797c9f210c9b00c94e326637583427949.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index 9771261..d4031b6 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -280,7 +280,7 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
     }
 
     /* Calculate current offset */
-    offset = (int64_t)(s->lba << 11) + s->io_buffer_index;
+    offset = ((int64_t)s->lba << 11) + s->io_buffer_index;
 
     pmac_dma_read(s->blk, offset, io->len, pmac_ide_atapi_transfer_cb, io);
     return;
author	Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>	2016-01-11 14:10:42 -0500
committer	Timothy Pearson <tpearson@raptorengineering.com>	2019-11-29 19:28:23 -0600
commit	182d517797c9f210c9b00c94e326637583427949 (patch)
tree	d78db3501a2434904cd36c7f14f4eec65fdc663d /hw/ide
parent	12ccf0f49c7cee40079406db71bc18a26e4e9014 (diff)
download	hqemu-182d517797c9f210c9b00c94e326637583427949.zip hqemu-182d517797c9f210c9b00c94e326637583427949.tar.gz