[Qemu-devel] [PULL 01/47] xen-pt: fix Negative array index read
From: Michael Tokarev
Subject: [Qemu-devel] [PULL 01/47] xen-pt: fix Negative array index read
Date: Wed, 4 Mar 2015 20:06:18 +0300
From: Gonglei <address@hidden>
Coverity spot:
Function xen_pt_bar_offset_to_index() may return a negative
value (-1) which is used as an index to d->io_regions[] down
the line.
Let's pass index directly as an argument to
xen_pt_bar_reg_parse().
Signed-off-by: Gonglei <address@hidden>
Acked-by: Stefano Stabellini <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
---
hw/xen/xen_pt_config_init.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index de9a20f..710fe50 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -360,15 +360,13 @@ static uint64_t xen_pt_get_bar_size(PCIIORegion *r)
}
static XenPTBarFlag xen_pt_bar_reg_parse(XenPCIPassthroughState *s,
- XenPTRegInfo *reg)
+ int index)
{
PCIDevice *d = &s->dev;
XenPTRegion *region = NULL;
PCIIORegion *r;
- int index = 0;
/* check 64bit BAR */
- index = xen_pt_bar_offset_to_index(reg->offset);
if ((0 < index) && (index < PCI_ROM_SLOT)) {
int type = s->real_device.io_regions[index - 1].type;
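Review bot: xen_pt_bar_reg_parse() now takes `int index` on trust, with no guard of its own against a negative value. The only range check visible here is `(0 < index) && (index < PCI_ROM_SLOT)`, which gates the 64-bit BAR lookup at `io_regions[index - 1]`, while the commit message says the index is also used on d->io_regions[] further down. Since the parameter stays a signed int, consider an assertion or early return for `index < 0` at the top of the function, or at least a comment stating that the caller must pass an already validated BAR index, so a future caller cannot reintroduce the negative read that Coverity flagged.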
@@ -422,7 +420,7 @@ static int xen_pt_bar_reg_init(XenPCIPassthroughState *s,
XenPTRegInfo *reg,
}
/* set BAR flag */
- s->bases[index].bar_flag = xen_pt_bar_reg_parse(s, reg);
+ s->bases[index].bar_flag = xen_pt_bar_reg_parse(s, index);
if (s->bases[index].bar_flag == XEN_PT_BAR_FLAG_UNUSED) {
reg_field = XEN_PT_INVALID_REG;
}
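Review bot: in xen_pt_bar_reg_init(), the fix relies on `index` having been range-checked before the line `s->bases[index].bar_flag = xen_pt_bar_reg_parse(s, index);`, and that check is not visible in this hunk. The same value indexes s->bases[] here as well as being passed on, so a negative result from xen_pt_bar_offset_to_index() has to be rejected before this statement, not only inside the callee. Please confirm the earlier part of the function returns an error on a negative index, and mention that in the commit message so the reasoning for dropping the second lookup is on record.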
--
2.1.4