[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 23/25] sd: Fix out-of-bounds assertions
|
From: |
Paolo Bonzini |
|
Subject: |
[Qemu-devel] [PULL 23/25] sd: Fix out-of-bounds assertions |
|
Date: |
Fri, 21 Jun 2019 03:42:28 +0200 |
From: Lidong Chen <address@hidden>
Due to an off-by-one error, the assert statements allow an
out-of-bound array access. This doesn't happen in practice,
but the static analyzer notices.
Signed-off-by: Lidong Chen <address@hidden>
Reviewed-by: Liam Merwick <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Li Qiang <address@hidden>
Reviewed-by: Darren Kenny <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
hw/sd/sd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index 60500ec..917195a6 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -145,7 +145,7 @@ static const char *sd_state_name(enum SDCardStates state)
if (state == sd_inactive_state) {
return "inactive";
}
- assert(state <= ARRAY_SIZE(state_name));
+ assert(state < ARRAY_SIZE(state_name));
return state_name[state];
}
@@ -166,7 +166,7 @@ static const char *sd_response_name(sd_rsp_type_t rsp)
if (rsp == sd_r1b) {
rsp = sd_r1;
}
- assert(rsp <= ARRAY_SIZE(response_name));
+ assert(rsp < ARRAY_SIZE(response_name));
return response_name[rsp];
}
--
1.8.3.1
- [Qemu-devel] [PULL 02/25] hax: Honor CPUState::halted, (continued)
- [Qemu-devel] [PULL 02/25] hax: Honor CPUState::halted, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 03/25] i386/kvm: convert hyperv enlightenments properties from bools to bits, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 06/25] i386/kvm: document existing Hyper-V enlightenments, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 04/25] i386/kvm: add support for KVM_GET_SUPPORTED_HV_CPUID, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 05/25] i386/kvm: move Hyper-V CPUID filling to hyperv_handle_properties(), Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 08/25] i386/kvm: hv-stimer requires hv-time and hv-synic, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 09/25] i386/kvm: hv-tlbflush/ipi require hv-vpindex, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 10/25] i386/kvm: hv-evmcs requires hv-vapic, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 16/25] target/i386: kvm: Re-inject #DB to guest with updated DR6, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 24/25] util/main-loop: Fix incorrect assertion, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 23/25] sd: Fix out-of-bounds assertions,
Paolo Bonzini <=
- [Qemu-devel] [PULL 14/25] KVM: Introduce kvm_arch_destroy_vcpu(), Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 13/25] target/i386: kvm: Delete VMX migration blocker on vCPU init failure, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 15/25] target/i386: kvm: Use symbolic constant for #DB/#BP exception constants, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 11/25] i386/kvm: add support for Direct Mode for Hyper-V synthetic timers, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 12/25] target/i386: define a new MSR based feature word - FEAT_CORE_CAPABILITY, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 18/25] linux-headers: sync with latest KVM headers from Linux 5.2, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 19/25] vmstate: Add support for kernel integer types, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 21/25] target/i386: kvm: Add support for KVM_CAP_EXCEPTION_PAYLOAD, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 17/25] target/i386: kvm: Block migration for vCPUs exposed with nested virtualization, Paolo Bonzini, 2019/06/20
- [Qemu-devel] [PULL 25/25] hw: Nuke hw_compat_4_0_1 and pc_compat_4_0_1, Paolo Bonzini, 2019/06/20