From 9be276e0d45e51422a104ef2eedb29efe2d0ad39 Mon Sep 17 00:00:00 2001 From: Caleb Sander Date: Fri, 13 Oct 2023 19:28:33 -0600 Subject: [PATCH] types: Cast values to u32 if shift overflows int Bit shifts that overflow the resulting type are undefined behavior in C. C arithmetic promotes to ints all smaller integer types. There are several places where a 32-bit unsigned value is constructed by shifting a u8 or u16 to the most significant bits. Since this overflows a signed 32-bit integer, explicitly cast to u32 to avoid the UB. Technically, an int is allowed to only be 16 bits, so any shift that could set bit 15 or higher is UB. But platforms where int is s16 are not very common, so it's likely not worth the effort to fix the code. Signed-off-by: Caleb Sander --- src/nvme/types.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nvme/types.h b/src/nvme/types.h index e8dbea37..9aa3ad2e 100644 --- a/src/nvme/types.h +++ b/src/nvme/types.h @@ -43,7 +43,7 @@ * Returns: The 'name' field from 'value' */ #define NVME_SET(value, name) \ - (((value) & NVME_##name##_MASK) << NVME_##name##_SHIFT) + (((__u32)(value) & NVME_##name##_MASK) << NVME_##name##_SHIFT) /** * enum nvme_constants - A place to stash various constant nvme values -- 2.50.1
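Review bot: In the `NVME_SET` hunk, the new `(__u32)(value)` cast is applied before the mask, so any argument wider than 32 bits is truncated silently, and the macro's result type is now always `__u32`. Please confirm that every user of `NVME_SET` builds a 32-bit value (no `NVME_##name##_SHIFT` that places a field above bit 31), and state the 32-bit limit in the kernel-doc comment for the macro so a later 64-bit field does not pick it up by mistake. The commit message also speaks of "several places", while the diffstat shows one changed line in src/nvme/types.h; a sentence saying that those places all go through `NVME_SET` would make the scope of the fix clear.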