qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH for 2.10 32/35] timer/pxa2xx: silent warning abo


From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH for 2.10 32/35] timer/pxa2xx: silent warning about out-of-bound memory access
Date: Mon, 24 Jul 2017 22:01:11 +0100

On 24 July 2017 at 19:27, Philippe Mathieu-Daudé <address@hidden> wrote:
> Unlikely to happen.
>
> hw/timer/pxa2xx_timer.c:145:19: warning: Out of bound memory access (accessed 
> memory precedes memory block)
>         counter = counters[n];
>                   ^~~~~~~~~~~
>
> Reported-by: Clang Static Analyzer
> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> ---
>  hw/timer/pxa2xx_timer.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/timer/pxa2xx_timer.c b/hw/timer/pxa2xx_timer.c
> index 68ba5a70b3..d47f463636 100644
> --- a/hw/timer/pxa2xx_timer.c
> +++ b/hw/timer/pxa2xx_timer.c
> @@ -139,7 +139,7 @@ static void pxa2xx_timer_update4(void *opaque, uint64_t 
> now_qemu, int n)
>      if (s->tm4[n].control & (1 << 7))
>          counter = n;
>      else
> -        counter = counters[n];
> +        counter = counters[n & 7];
>
>      if (!s->tm4[counter].freq) {
>          timer_del(s->tm4[n].tm.qtimer);
> --

This looks rather odd, because we use a mask to guard
the counters[] array index, but we do an access into
another 8-element array with n both immediately
above and immediately below that.

It's not actually possible to call this function
with n not between 0 and 7 -- if the static
analyser can't figure that out does adding an
assert at the top of the function help it out?

thanks
-- PMM



reply via email to

[Prev in Thread] Current Thread [Next in Thread]