[Qemu-devel] [PATCH 03/11] ide: Fix error messages from static code anal
From: Kevin Wolf
Subject: [Qemu-devel] [PATCH 03/11] ide: Fix error messages from static code analysis (no real error)
Date: Fri, 14 Sep 2012 14:39:04 +0200
From: Stefan Weil <address@hidden>
Report from smatch:
hw/ide/core.c:1472 ide_exec_cmd(423) error: buffer overflow 'smart_attributes'
8 <= 29
hw/ide/core.c:1474 ide_exec_cmd(425) error: buffer overflow 'smart_attributes'
8 <= 29
hw/ide/core.c:1475 ide_exec_cmd(426) error: buffer overflow 'smart_attributes'
8 <= 29
...
The upper limit of 30 was never reached because both for loops terminated
when 'smart_attributes' reached end of list, so there was no real buffer
overflow.
Nevertheless, changing the code not only fixes the error report, but also
reduces the size of smart_attributes and simplifies the for loops.
Signed-off-by: Stefan Weil <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
hw/ide/core.c | 11 ++---------
1 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index d65ef3d..d6fb69c 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -53,8 +53,6 @@ static const int smart_attributes[][12] = {
{ 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
/* airflow-temperature-celsius */
{ 190, 0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
- /* end of list */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
};
static int ide_handle_rw_error(IDEState *s, int error, int op);
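Review bot: removing the all-zero terminator row from smart_attributes is only safe if every reader of the table is bounded by its size. This patch converts the two loops in ide_exec_cmd, so please confirm that nothing else in hw/ide/core.c still walks the table until it finds an id of 0, because such a loop would now read past the last row. A short comment above the table stating that it has no sentinel and must be iterated with ARRAY_SIZE(smart_attributes) would keep the old pattern from being reintroduced.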
@@ -1468,9 +1466,7 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
case SMART_READ_THRESH:
memset(s->io_buffer, 0, 0x200);
s->io_buffer[0] = 0x01; /* smart struct version */
- for (n=0; n<30; n++) {
- if (smart_attributes[n][0] == 0)
- break;
+ for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
s->io_buffer[2+1+(n*12)] = smart_attributes[n][11];
}
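Review bot: in the SMART_READ_THRESH loop the bound now follows the table size, but nothing ties that size to the 0x200 bytes of s->io_buffer cleared by the memset above. The old constant 30 capped the highest written offset at 2+1+(29*12); with ARRAY_SIZE(smart_attributes) the cap moves whenever a row is added. A build-time check that 2 + 12 * ARRAY_SIZE(smart_attributes) stays within 0x200 would turn an oversized table into a compile error instead of an out-of-bounds write into the I/O buffer.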
@@ -1484,10 +1480,7 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
case SMART_READ_DATA:
memset(s->io_buffer, 0, 0x200);
s->io_buffer[0] = 0x01; /* smart struct version */
- for (n=0; n<30; n++) {
- if (smart_attributes[n][0] == 0) {
- break;
- }
+ for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
int i;
for(i = 0; i < 11; i++) {
s->io_buffer[2+i+(n*12)] = smart_attributes[n][i];
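Review bot: the inner loop in the SMART_READ_DATA case still hard-codes the row layout as i < 11 with a stride of n*12, while the row width is declared separately in smart_attributes[][12]. If the row width ever changes, these literals will silently disagree with it. Consider deriving them from ARRAY_SIZE(smart_attributes[0]) or a named constant, and add a comment that column 11 (the one the SMART_READ_THRESH case reads) is skipped here on purpose. Style: for(i = 0 lacks the space after for that the rewritten outer loop now has.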
--
1.7.6.5