[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] target/riscv: Add asserts for out-of-bound access
From: |
Alistair Francis |
Subject: |
Re: [PATCH] target/riscv: Add asserts for out-of-bound access |
Date: |
Wed, 31 Jul 2024 19:34:37 +1000 |
On Sat, Jul 27, 2024 at 11:36 AM Atish Kumar Patra <atishp@rivosinc.com> wrote:
>
> On Thu, Jul 25, 2024 at 10:12 PM Alistair Francis <alistair23@gmail.com>
> wrote:
> >
> > On Wed, Jul 24, 2024 at 6:33 PM Atish Patra <atishp@rivosinc.com> wrote:
> > >
> > > Coverity complained about the possible out-of-bounds access with
> > > counter_virt/counter_virt_prev because these two arrays are
> > > accessed with privilege mode. However, these two arrays are accessed
> > > only when virt is enabled. Thus, the privilege mode can't be M mode.
> > >
> > > Add the asserts anyways to detect any wrong usage of these arrays
> > > in the future.
> > >
> > > Suggested-by: Peter Maydell <peter.maydell@linaro.org>
> > > Signed-off-by: Atish Patra <atishp@rivosinc.com>
> >
> > Fixes: Coverity CID 1558459
> > Fixes: Coverity CID 1558462
> >
>
> I think one of the Coverity issues was about the get_field issue in
> the other thread?
> This doesn't necessarily fix the coverity issue also as the issue
> reported is a false positive.
> But I don't mind citing the coverity issues as it is reported by that.
>
> Is there a link to both coverity issues to know which issue describes
> the out-of-bound access one ?
I don't think so. I can see the report though and I think it should be
both of them. They are hard to read, but they both seem relevant.
1558462 is the confusing one, but it has
CID 1558462: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 2 by passing argument "env->priv"
>>> (which evaluates to 2) in call to "riscv_cpu_set_mode".
so I think this should fix it
Alistair