qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] target/riscv: Add asserts for out-of-bound access


From: Alistair Francis
Subject: Re: [PATCH] target/riscv: Add asserts for out-of-bound access
Date: Wed, 31 Jul 2024 19:34:37 +1000

On Sat, Jul 27, 2024 at 11:36 AM Atish Kumar Patra <atishp@rivosinc.com> wrote:
>
> On Thu, Jul 25, 2024 at 10:12 PM Alistair Francis <alistair23@gmail.com> 
> wrote:
> >
> > On Wed, Jul 24, 2024 at 6:33 PM Atish Patra <atishp@rivosinc.com> wrote:
> > >
> > > Coverity complained about the possible out-of-bounds access with
> > > counter_virt/counter_virt_prev because these two arrays are
> > > accessed with privilege mode. However, these two arrays are accessed
> > > only when virt is enabled. Thus, the privilege mode can't be M mode.
> > >
> > > Add the asserts anyways to detect any wrong usage of these arrays
> > > in the future.
> > >
> > > Suggested-by: Peter Maydell <peter.maydell@linaro.org>
> > > Signed-off-by: Atish Patra <atishp@rivosinc.com>
> >
> > Fixes: Coverity CID 1558459
> > Fixes: Coverity CID 1558462
> >
>
> I think one of the Coverity issues was about the get_field issue in
> the other thread?
> This doesn't necessarily fix the coverity issue also as the issue
> reported is a false positive.
> But I don't mind citing the coverity issues as it is reported by that.
>
> Is there a link to both coverity issues to know which issue describes
> the out-of-bound access one ?

I don't think so. I can see the report though and I think it should be
both of them. They are hard to read, but they both seem relevant.

1558462 is the confusing one, but it has

CID 1558462:  Memory - corruptions  (OVERRUN)
>>>     Overrunning callee's array of size 2 by passing argument "env->priv" 
>>> (which evaluates to 2) in call to "riscv_cpu_set_mode".

so I think this should fix it

Alistair



reply via email to

[Prev in Thread] Current Thread [Next in Thread]