[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 20/28] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() f
|
From: |
Philippe Mathieu-Daudé |
|
Subject: |
[PULL 20/28] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something |
|
Date: |
Tue, 6 Aug 2024 14:51:48 +0200 |
From: Peter Maydell <peter.maydell@linaro.org>
Coverity complains about an overflow in isa_fdc_get_drive_max_chs()
that can happen if the loop over fd_formats never finds a match,
because we initialize *maxc to 0 and then at the end of the
function decrement it.
This can't ever actually happen because fd_formats has at least
one entry for each FloppyDriveType, so we must at least once
find a match and update *maxc, *maxh and *maxs. Assert that we
did find a match, which should keep Coverity happy and will also
detect possible bugs in the data in fd_formats.
Resolves: Coverity CID 1547663
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240731143617.3391947-6-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
hw/block/fdc-isa.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/block/fdc-isa.c b/hw/block/fdc-isa.c
index e43dc532af..796835f57b 100644
--- a/hw/block/fdc-isa.c
+++ b/hw/block/fdc-isa.c
@@ -147,6 +147,8 @@ static void isa_fdc_get_drive_max_chs(FloppyDriveType type,
uint8_t *maxc,
*maxs = fdf->last_sect;
}
}
+ /* fd_formats must contain at least one entry per FloppyDriveType */
+ assert(*maxc);
(*maxc)--;
}
--
2.45.2
- [PULL 10/28] hw/intc/loongson_ipi: Expose loongson_ipi_core_read/write helpers, (continued)
- [PULL 10/28] hw/intc/loongson_ipi: Expose loongson_ipi_core_read/write helpers, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 12/28] hw/intc/loongarch_ipi: Add loongarch IPI support, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 13/28] hw/loongarch/virt: Replace Loongson IPI with LoongArch IPI, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 14/28] hw/intc/loongson_ipi: Restrict to MIPS, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 15/28] hw/sd/sdcard: Explicit dummy byte value, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 16/28] hw/sd/sdcard: Do not abort when reading DAT lines on invalid cmd state, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 17/28] hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 18/28] hw/block/pflash_cfi01: Don't decrement pfl->counter below 0, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 19/28] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 20/28] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something,
Philippe Mathieu-Daudé <=
- [PULL 23/28] system/vl.c: Expand OpenGL related errors, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 22/28] hw/display/virtio-gpu: Improve "opengl is not available" error message, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 24/28] ui/console: Note in '-display help' that some backends support suboptions, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 21/28] hw/ide/pci: Remove dead code from bmdma_prepare_buf(), Philippe Mathieu-Daudé, 2024/08/06
- [PULL 27/28] docs/specs/pci-ids: Add missing devices, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 25/28] hw/pci-host/gt64120: Set PCI base address register write mask, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 26/28] hw/pci-host/gt64120: Reset config registers during RESET phase, Philippe Mathieu-Daudé, 2024/08/06
- [PULL 28/28] docs/specs/pci-ids: Fix markup, Philippe Mathieu-Daudé, 2024/08/06
- Re: [PULL 00/28] Misc HW & UI patches for 2024-08-06, Richard Henderson, 2024/08/06