Re: [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex

From:	Peter Maydell
Subject:	Re: [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex digits
Date:	Wed, 31 Jul 2024 16:26:10 +0100

On Wed, 31 Jul 2024 at 16:21, Kevin Wolf <kwolf@redhat.com> wrote:
>
> Am 31.07.2024 um 16:36 hat Peter Maydell geschrieben:
> > In compare_fingerprint() we effectively check whether the characters
> > in the fingerprint are valid hex digits twice: first we do so with
> > qemu_isxdigit(), but then the hex2decimal() function also has a code
> > path where it effectively detects an invalid digit and returns -1.
> > This causes Coverity to complain because it thinks that we might use
> > that -1 value in an expression where it would be an integer overflow.
>
> If it's a Coverity issue, I think you want to mention the CID, too.

Yes;

Resolves: Coverity CID 1547813

> > Avoid the double-check of hex digit validity by testing the return
> > values from hex2decimal() rather than doing separate calls to
> > qemu_isxdigit().
> >
> > Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> > ---
> > Could alternatively have put a g_assert_non_reached() in
> > hex2decimal(), but this seemed better to me.
>
> I don't like that hex2decimal() returns -1 when its result is unsigned,
> which is why you had to write the check as > 0xf rather than < 0. So in
> this sense, g_assert_non_reached() would look better to me. But we could
> also just change it to return UINT_MAX instead, which should be the
> same, just written in a less confusing way.

I was not super happy with the -1 either. Happy to change that
to 'return UINT_MAX'.

-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something, (continued)
- [PATCH 3/7] hw/block/pflash_cfi01: Don't decrement pfl->counter below 0, Peter Maydell, 2024/07/31
  - Re: [PATCH 3/7] hw/block/pflash_cfi01: Don't decrement pfl->counter below 0, Kevin Wolf, 2024/07/31
- [PATCH 4/7] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates, Peter Maydell, 2024/07/31
  - Re: [PATCH 4/7] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates, Markus Armbruster, 2024/07/31
    - Re: [PATCH 4/7] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates, Peter Maydell, 2024/07/31
  - Re: [PATCH 4/7] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates, Kevin Wolf, 2024/07/31
- [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex digits, Peter Maydell, 2024/07/31
  - Re: [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex digits, Kevin Wolf, 2024/07/31
    - Re: [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex digits, Peter Maydell <=
- [PATCH 2/7] block/gluster: Use g_autofree for string in qemu_gluster_parse_json(), Peter Maydell, 2024/07/31
  - Re: [PATCH 2/7] block/gluster: Use g_autofree for string in qemu_gluster_parse_json(), Kevin Wolf, 2024/07/31
  - Re: [PATCH 2/7] block/gluster: Use g_autofree for string in qemu_gluster_parse_json(), Philippe Mathieu-Daudé, 2024/07/31
- [PATCH 6/7] hw/ide/pci.c: Remove dead code from bmdma_prepare_buf(), Peter Maydell, 2024/07/31
  - Re: [PATCH 6/7] hw/ide/pci.c: Remove dead code from bmdma_prepare_buf(), Kevin Wolf, 2024/07/31
    - Re: [PATCH 6/7] hw/ide/pci.c: Remove dead code from bmdma_prepare_buf(), Philippe Mathieu-Daudé, 2024/07/31

Prev by Date: Re: [PATCH] util: retry open() when it gets interrupted by a signal
Next by Date: Re: [PATCH v1] target/i386: Always set leaf 0x1f
Previous by thread: Re: [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex digits
Next by thread: [PATCH 2/7] block/gluster: Use g_autofree for string in qemu_gluster_parse_json()
Index(es):
- Date
- Thread