From f49fabda399b0f9f242fb2d3523b4661cb23506e Mon Sep 17 00:00:00 2001
From: dinglimin <dinglimin@cmss.chinamobile.com>
Date: Thu, 14 Aug 2025 14:34:30 +0800
Subject: [PATCH] hw/display/framebuffer: Add cast to force 64x64 multiply

In framebuffer_update_display(), Coverity complains because we
multiply two values of type 'int' (which will be done as a 32x32
multiply and so in theory might overflow) and then add the result to
a ram_addr_t, which can be 64 bits.

4GB framebuffers are not plausible anyway, but keep Coverity happy
by adding casts which force these multiplies to be done as 64x64.

Coverity: CID 1487248
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-id: 20250710174312.1313177-1-peter.maydell@linaro.org
Signed-off-by: dinglimin <dinglimin@cmss.chinamobile.com>
---
 hw/display/framebuffer.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/display/framebuffer.c b/hw/display/framebuffer.c
index 4485aa335b..9fff1c754f 100644
--- a/hw/display/framebuffer.c
+++ b/hw/display/framebuffer.c
@@ -99,6 +99,10 @@ void framebuffer_update_display(
     src += i * src_width;
     dest += i * dest_row_pitch;
 
+    addr += (uint64_t)i * src_width;
+    src += (uint64_t)i * src_width;
+    dest += (uint64_t)i * dest_row_pitch;
+
     snap = memory_region_snapshot_and_clear_dirty(mem, addr, src_width * rows,
                                                   DIRTY_MEMORY_VGA);
     for (; i < rows; i++) {
-- 
Gitee