Re: [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs(

From:	Markus Armbruster
Subject:	Re: [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something
Date:	Wed, 31 Jul 2024 16:50:24 +0200
User-agent:	Gnus/5.13 (Gnus v5.13)

Peter Maydell <peter.maydell@linaro.org> writes:

> Coverity complains about an overflow in isa_fdc_get_drive_max_chs()
> that can happen if the loop over fd_formats never finds a match,
> because we initialize *maxc to 0 and then at the end of the
> function decrement it.
>
> This can't ever actually happen because fd_formats has at least
> one entry for each FloppyDriveType, so we must at least once
> find a match and update *maxc, *maxh and *maxs. Assert that we
> did find a match, which should keep Coverity happy and will also
> detect possible bugs in the data in fd_formats.
>
> Resolves: Coverity CID 1547663
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  hw/block/fdc-isa.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/hw/block/fdc-isa.c b/hw/block/fdc-isa.c
> index e43dc532af8..796835f57b3 100644
> --- a/hw/block/fdc-isa.c
> +++ b/hw/block/fdc-isa.c
> @@ -147,6 +147,8 @@ static void isa_fdc_get_drive_max_chs(FloppyDriveType 
> type, uint8_t *maxc,
>              *maxs = fdf->last_sect;
>          }
>      }
> +    /* fd_formats must contain at least one entry per FloppyDriveType */
> +    assert(*maxc);
>      (*maxc)--;
>  }

Reviewed-by: Markus Armbruster <armbru@redhat.com>

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 6/7] hw/ide/pci.c: Remove dead code from bmdma_prepare_buf(), (continued)
- [PATCH 6/7] hw/ide/pci.c: Remove dead code from bmdma_prepare_buf(), Peter Maydell, 2024/07/31
  - Re: [PATCH 6/7] hw/ide/pci.c: Remove dead code from bmdma_prepare_buf(), Kevin Wolf, 2024/07/31
- [PATCH 4/7] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates, Peter Maydell, 2024/07/31
  - Re: [PATCH 4/7] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates, Markus Armbruster, 2024/07/31
    - Re: [PATCH 4/7] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates, Peter Maydell, 2024/07/31
  - Re: [PATCH 4/7] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates, Kevin Wolf, 2024/07/31
- [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex digits, Peter Maydell, 2024/07/31
  - Re: [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex digits, Kevin Wolf, 2024/07/31
    - Re: [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex digits, Peter Maydell, 2024/07/31
- [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something, Peter Maydell, 2024/07/31
  - Re: [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something, Markus Armbruster <=
  - Re: [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something, Kevin Wolf, 2024/07/31
  - Re: [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something, Philippe Mathieu-Daudé, 2024/07/31

Prev by Date: Re: [PATCH 4/7] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates
Next by Date: Re: [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something
Previous by thread: [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something
Next by thread: Re: [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something
Index(es):
- Date
- Thread