[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] Fix bad overflow check in hw/pci/pcie.c
From: |
Daniella Lee |
Subject: |
[PATCH] Fix bad overflow check in hw/pci/pcie.c |
Date: |
Fri, 26 Nov 2021 14:13:24 +0800 |
Orginal qemu commit hash:14d02cfbe4adaeebe7cb833a8cc71191352cf03b
In function pcie_add_capability, an assert contains the
"offset < offset + size" expression.
Both variable offset and variable size are uint16_t,
the comparison is always true due to type promotion.
The next expression may be the same.
It might be like this:
Thread 1 "qemu-system-x86" hit Breakpoint 1, pcie_add_capability (
dev=0x555557ce5f10, cap_id=1, cap_ver=2 '\002', offset=256, size=72)
at ../hw/pci/pcie.c:930
930 {
(gdb) n
931 assert(offset >= PCI_CONFIG_SPACE_SIZE);
(gdb) n
932 assert(offset < offset + size);
(gdb) p offset
$1 = 256
(gdb) p offset < offset + size
$2 = 1
(gdb) set offset=65533
(gdb) p offset < offset + size
$3 = 1
(gdb) p offset < (uint16_t)(offset + size)
$4 = 0
Signed-off-by: Daniella Lee <daniellalee111@gmail.com>
---
hw/pci/pcie.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c
index c5ed266337..d7d73a31e4 100644
--- a/hw/pci/pcie.c
+++ b/hw/pci/pcie.c
@@ -929,8 +929,8 @@ void pcie_add_capability(PCIDevice *dev,
uint16_t offset, uint16_t size)
{
assert(offset >= PCI_CONFIG_SPACE_SIZE);
- assert(offset < offset + size);
- assert(offset + size <= PCIE_CONFIG_SPACE_SIZE);
+ assert(offset < (uint16_t)(offset + size));
+ assert((uint16_t)(offset + size) <= PCIE_CONFIG_SPACE_SIZE);
assert(size >= 8);
assert(pci_is_express(dev));
--
2.27.0
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PATCH] Fix bad overflow check in hw/pci/pcie.c,
Daniella Lee <=