Re: [Qemu-trivial] [PATCH 1/2] xen-pt: fix Negative array index read
From: Stefano Stabellini
Subject: Re: [Qemu-trivial] [PATCH 1/2] xen-pt: fix Negative array index read
Date: Tue, 10 Feb 2015 06:40:34 +0000
User-agent: Alpine 2.02 (DEB 1266 2009-07-14)
On Sat, 31 Jan 2015, address@hidden wrote:
> From: Gonglei <address@hidden>
>
> Coverity spot:
> Function xen_pt_bar_offset_to_index() may return a negative
> number (-1) value index, which is used as an index to array d->io_regions.
>
> Let's directly and simply pass index as an argument to
> xen_pt_bar_reg_parse().
>
> Signed-off-by: Gonglei <address@hidden>
Acked-by: Stefano Stabellini <address@hidden>
> hw/xen/xen_pt_config_init.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
> index de9a20f..710fe50 100644
> --- a/hw/xen/xen_pt_config_init.c
> +++ b/hw/xen/xen_pt_config_init.c
> @@ -360,15 +360,13 @@ static uint64_t xen_pt_get_bar_size(PCIIORegion *r)
> }
>
> static XenPTBarFlag xen_pt_bar_reg_parse(XenPCIPassthroughState *s,
> - XenPTRegInfo *reg)
> + int index)
> {
> PCIDevice *d = &s->dev;
> XenPTRegion *region = NULL;
> PCIIORegion *r;
> - int index = 0;
>
> /* check 64bit BAR */
> - index = xen_pt_bar_offset_to_index(reg->offset);
> if ((0 < index) && (index < PCI_ROM_SLOT)) {
> int type = s->real_device.io_regions[index - 1].type;
>
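Review bot: xen_pt_bar_reg_parse() now takes a signed int index and trusts the caller for its range, but the only bound visible in this hunk is the 64bit BAR test (0 < index) && (index < PCI_ROM_SLOT), which protects io_regions[index - 1] and nothing else. Since the commit message says the value is later used to index d->io_regions, state the precondition on the new parameter in a comment above the function (a valid, non-negative BAR index), or assert it at the top, so a future caller cannot reintroduce the negative read that Coverity flagged.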
> @@ -422,7 +420,7 @@ static int xen_pt_bar_reg_init(XenPCIPassthroughState *s,
> XenPTRegInfo *reg,
> }
>
> /* set BAR flag */
> - s->bases[index].bar_flag = xen_pt_bar_reg_parse(s, reg);
> + s->bases[index].bar_flag = xen_pt_bar_reg_parse(s, index);
> if (s->bases[index].bar_flag == XEN_PT_BAR_FLAG_UNUSED) {
> reg_field = XEN_PT_INVALID_REG;
> }
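Review bot: the fix depends on index being range-checked in xen_pt_bar_reg_init() before the s->bases[index].bar_flag assignment, and that check is not visible in this hunk or mentioned in the commit message. If xen_pt_bar_offset_to_index() can still hand back -1 here, the same negative value is now used twice, once to write s->bases[index] and once inside xen_pt_bar_reg_parse(s, index). Please confirm the caller rejects index < 0 (and an out-of-range upper value) before this line, and say so in the commit message so the reasoning behind dropping the lookup in the callee is on record.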
> --
> 1.7.12.4
>
>