Message ID | 20240731143617.3391947-6-peter.maydell@linaro.org |
---|---|
State | Superseded |
Headers | show |
Series | block: Miscellaneous minor Coverity fixes | expand |
Peter Maydell <peter.maydell@linaro.org> writes: > Coverity complains about an overflow in isa_fdc_get_drive_max_chs() > that can happen if the loop over fd_formats never finds a match, > because we initialize *maxc to 0 and then at the end of the > function decrement it. > > This can't ever actually happen because fd_formats has at least > one entry for each FloppyDriveType, so we must at least once > find a match and update *maxc, *maxh and *maxs. Assert that we > did find a match, which should keep Coverity happy and will also > detect possible bugs in the data in fd_formats. > > Resolves: Coverity CID 1547663 > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > hw/block/fdc-isa.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/hw/block/fdc-isa.c b/hw/block/fdc-isa.c > index e43dc532af8..796835f57b3 100644 > --- a/hw/block/fdc-isa.c > +++ b/hw/block/fdc-isa.c > @@ -147,6 +147,8 @@ static void isa_fdc_get_drive_max_chs(FloppyDriveType type, uint8_t *maxc, > *maxs = fdf->last_sect; > } > } > + /* fd_formats must contain at least one entry per FloppyDriveType */ > + assert(*maxc); > (*maxc)--; > } Reviewed-by: Markus Armbruster <armbru@redhat.com>
Am 31.07.2024 um 16:36 hat Peter Maydell geschrieben: > Coverity complains about an overflow in isa_fdc_get_drive_max_chs() > that can happen if the loop over fd_formats never finds a match, > because we initialize *maxc to 0 and then at the end of the > function decrement it. > > This can't ever actually happen because fd_formats has at least > one entry for each FloppyDriveType, so we must at least once > find a match and update *maxc, *maxh and *maxs. Assert that we > did find a match, which should keep Coverity happy and will also > detect possible bugs in the data in fd_formats. > > Resolves: Coverity CID 1547663 > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Kevin Wolf <kwolf@redhat.com>
On 31/7/24 16:36, Peter Maydell wrote: > Coverity complains about an overflow in isa_fdc_get_drive_max_chs() > that can happen if the loop over fd_formats never finds a match, > because we initialize *maxc to 0 and then at the end of the > function decrement it. > > This can't ever actually happen because fd_formats has at least > one entry for each FloppyDriveType, so we must at least once > find a match and update *maxc, *maxh and *maxs. Assert that we > did find a match, which should keep Coverity happy and will also > detect possible bugs in the data in fd_formats. > > Resolves: Coverity CID 1547663 > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > hw/block/fdc-isa.c | 2 ++ > 1 file changed, 2 insertions(+) Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
diff --git a/hw/block/fdc-isa.c b/hw/block/fdc-isa.c index e43dc532af8..796835f57b3 100644 --- a/hw/block/fdc-isa.c +++ b/hw/block/fdc-isa.c @@ -147,6 +147,8 @@ static void isa_fdc_get_drive_max_chs(FloppyDriveType type, uint8_t *maxc, *maxs = fdf->last_sect; } } + /* fd_formats must contain at least one entry per FloppyDriveType */ + assert(*maxc); (*maxc)--; }
Coverity complains about an overflow in isa_fdc_get_drive_max_chs() that can happen if the loop over fd_formats never finds a match, because we initialize *maxc to 0 and then at the end of the function decrement it. This can't ever actually happen because fd_formats has at least one entry for each FloppyDriveType, so we must at least once find a match and update *maxc, *maxh and *maxs. Assert that we did find a match, which should keep Coverity happy and will also detect possible bugs in the data in fd_formats. Resolves: Coverity CID 1547663 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/block/fdc-isa.c | 2 ++ 1 file changed, 2 insertions(+)