From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, John Snow, Stefan Weil, "Richard W.M. Jones", Hanna Reitz, Kevin Wolf, qemu-block@nongnu.org
Subject: [PATCH 1/7] block/vdi.c: Avoid potential overflow when calculating size of write
Date: Wed, 31 Jul 2024 15:36:11 +0100
Message-Id: <20240731143617.3391947-2-peter.maydell@linaro.org>
In-Reply-To: <20240731143617.3391947-1-peter.maydell@linaro.org>

In vdi_co_pwritev() we multiply a sector count by SECTOR_SIZE to
get the size to write in bytes. Coverity notes that this means that
we do the multiply as a 32x32->32 multiply before converting to
64 bits, which has the potential to overflow.

This is very unlikely to happen, since the block map has 4 bytes per
block and the maximum number of blocks in the image must fit into a
32-bit integer. But we can keep Coverity happy by including a cast
so we do a 64-bit multiply here.

Resolves: Coverity CID 1508076
Signed-off-by: Peter Maydell
Reviewed-by: Stefan Weil
---
 block/vdi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/vdi.c b/block/vdi.c index 6363da08cee..27c60ba18d0 100644 --- a/block/vdi.c +++ b/block/vdi.c 
@@ -728,7 +728,7 @@ nonallocating_write: logout("will write %u block map sectors starting from entry %u\n", n_sectors, bmap_first); ret = bdrv_co_pwrite(bs->file, bmap_offset * SECTOR_SIZE, - n_sectors * SECTOR_SIZE, base, 0); + n_sectors * (uint64_t)SECTOR_SIZE, base, 0); } return ret;

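Review bot: The cast covers only the length argument; the offset argument on the context line above it, `bmap_offset * SECTOR_SIZE`, has the same multiply-then-widen shape and its type is not visible in this hunk. If bmap_offset is a 32-bit variable the same 32-bit product applies to it, so it would be worth casting there as well, or saying in the commit message that it is already 64-bit.
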
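The 32x32->32 multiply described in the commit message of patch 1, as an added C example that is not QEMU code. It assumes SECTOR_SIZE is the plain constant 512 and uses hypothetical function names; it also shows that casting the finished product, rather than an operand, does not help.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this example: 512-byte sectors, defined as a plain int
 * constant, so a uint32_t multiplied by it is computed in 32 bits. */
#define SECTOR_SIZE 512

/* Pre-patch shape: the product is computed as uint32_t and wraps modulo
 * 2^32; only the already-wrapped result is widened to 64 bits. */
static uint64_t write_size_32bit(uint32_t n_sectors)
{
    return n_sectors * SECTOR_SIZE;
}

/* Common mistake: casting the result. The multiply inside the
 * parentheses is still 32-bit, so this wraps exactly like the above. */
static uint64_t write_size_cast_result(uint32_t n_sectors)
{
    return (uint64_t)(n_sectors * SECTOR_SIZE);
}

/* Patched shape: one operand is widened first, so the usual arithmetic
 * conversions make the whole multiply 64-bit. */
static uint64_t write_size_64bit(uint32_t n_sectors)
{
    return n_sectors * (uint64_t)SECTOR_SIZE;
}

/* Smallest sector count whose size in bytes no longer fits in 32 bits. */
static uint32_t first_wrapping_sector_count(void)
{
    return UINT32_MAX / SECTOR_SIZE + 1;
}

int main(void)
{
    /* Constructed sample values around the wrap point. */
    const uint32_t samples[] = { 1, 8388607, 8388608, 8388609, UINT32_MAX };
    size_t i;

    printf("first wrapping count: %" PRIu32 "\n",
           first_wrapping_sector_count());
    printf("%12s %16s %16s %16s\n",
           "n_sectors", "32-bit", "cast result", "64-bit");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%12" PRIu32 " %16" PRIu64 " %16" PRIu64 " %16" PRIu64 "\n",
               samples[i],
               write_size_32bit(samples[i]),
               write_size_cast_result(samples[i]),
               write_size_64bit(samples[i]));
    }
    return 0;
}
```
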
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, John Snow, Stefan Weil, "Richard W.M. Jones", Hanna Reitz, Kevin Wolf, qemu-block@nongnu.org
Subject: [PATCH 2/7] block/gluster: Use g_autofree for string in qemu_gluster_parse_json()
Date: Wed, 31 Jul 2024 15:36:12 +0100
Message-Id: <20240731143617.3391947-3-peter.maydell@linaro.org>
In-Reply-To: <20240731143617.3391947-1-peter.maydell@linaro.org>

In the loop in qemu_gluster_parse_json() we do:

    char *str = NULL;
    for(...) {
        str = g_strdup_printf(...);
        ...
        if (various errors) {
            goto out;
        }
        ...
        g_free(str);
        str = NULL;
    }
    return 0;
out:
    various cleanups;
    g_free(str);
    ...
    return -errno;

Coverity correctly complains that the assignment "str = NULL" at the
end of the loop is unnecessary, because we will either go back to the
top of the loop and overwrite it, or else we will exit the loop and
then exit the function without ever reading str again. The assignment
is there as defensive coding to ensure that str is only non-NULL if
it's a live allocation, so this is intentional.

We can make Coverity happier and simplify the code here by using
g_autofree, since we never need 'str' outside the loop.

Resolves: Coverity CID 1527385
Signed-off-by: Peter Maydell
Reviewed-by: Kevin Wolf
Reviewed-by: Philippe Mathieu-Daudé
---
 block/gluster.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/block/gluster.c b/block/gluster.c index f8b415f3812..61ded95e660 100644 --- a/block/gluster.c +++ b/block/gluster.c @@ -514,7 +514,6 @@ static int qemu_gluster_parse_json(BlockdevOptionsGluster *gconf, SocketAddressList **tail; QDict *backing_options = NULL; Error *local_err = NULL; - char *str = NULL; const char *ptr; int i, type, num_servers; @@ -547,7 +546,7 @@ static int qemu_gluster_parse_json(BlockdevOptionsGluster *gconf, tail = &gconf->server; for (i = 0; i < num_servers; i++) { - str = g_strdup_printf(GLUSTER_OPT_SERVER_PATTERN"%d.", i); + g_autofree char *str = g_strdup_printf(GLUSTER_OPT_SERVER_PATTERN"%d.", i); qdict_extract_subqdict(options, &backing_options, str); /* create opts info from runtime_type_opts list */ @@ -658,8 +657,6 @@ static int qemu_gluster_parse_json(BlockdevOptionsGluster *gconf, qobject_unref(backing_options); backing_options = NULL; - g_free(str); - str = NULL; } return 0; 
@@ -668,7 +665,6 @@ out: error_propagate(errp, local_err); qapi_free_SocketAddress(gsconf); qemu_opts_del(opts); - g_free(str); qobject_unref(backing_options); errno = EINVAL; return -errno;

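Review bot: In the hunk at -547, the new declaration line is 75 characters before indentation, so inside the for body it appears to run past QEMU's 80-column guideline; wrapping after the `=` would fix that. Keeping the initialiser on the g_autofree declaration is right, since the cleanup runs on every exit from the loop body including the `goto out` paths, and that is what makes dropping `g_free(str)` under `out:` safe.
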
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, John Snow, Stefan Weil, "Richard W.M. Jones", Hanna Reitz, Kevin Wolf, qemu-block@nongnu.org
Subject: [PATCH 3/7] hw/block/pflash_cfi01: Don't decrement pfl->counter below 0
Date: Wed, 31 Jul 2024 15:36:13 +0100
Message-Id: <20240731143617.3391947-4-peter.maydell@linaro.org>
In-Reply-To: <20240731143617.3391947-1-peter.maydell@linaro.org>

In pflash_write() Coverity points out that we can decrement the
unsigned pfl->counter below zero, which makes it wrap around. In
fact this is harmless, because if pfl->counter is 0 at this point we
also increment pfl->wcycle to 3, and the wcycle == 3 handling doesn't
look at counter; the only way back into code which looks at the
counter value is via wcycle == 1, which will reinitialize the counter.
But it's arguably a little clearer to break early in the "counter == 0"
if(), to avoid the decrement-below-zero.

Resolves: Coverity CID 1547611
Signed-off-by: Peter Maydell
Reviewed-by: Kevin Wolf
Reviewed-by: Philippe Mathieu-Daudé
---
 hw/block/pflash_cfi01.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c index c8f1cf5a872..2f3d1dd509c 100644 --- a/hw/block/pflash_cfi01.c +++ b/hw/block/pflash_cfi01.c 
@@ -614,6 +614,7 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset, if (!pfl->counter) { trace_pflash_write(pfl->name, "block write finished"); pfl->wcycle++; + break; } pfl->counter--;

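Review bot: The added `break` in the `if (!pfl->counter)` branch skips everything that follows the if in this case, not just `pfl->counter--`; the hunk shows only the decrement as trailing context, so it is worth confirming that nothing after it needs to run when the block write finishes. A short comment on the `break` saying it avoids wrapping the unsigned counter would keep a later reader from removing it as redundant.
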
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, John Snow, Stefan Weil, "Richard W.M. Jones", Hanna Reitz, Kevin Wolf, qemu-block@nongnu.org
Subject: [PATCH 4/7] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates
Date: Wed, 31 Jul 2024 15:36:14 +0100
Message-Id: <20240731143617.3391947-5-peter.maydell@linaro.org>
In-Reply-To: <20240731143617.3391947-1-peter.maydell@linaro.org>

In ide_atapi_cmd_reply_end() we calculate a 16-bit size, and then
assign its two halves to s->lcyl and s->hcyl like this:

    s->lcyl = size;
    s->hcyl = size >> 8;

Coverity warns that the first line here can overflow the 8-bit
s->lcyl variable. This is true, and in this case we're deliberately
only after the low 8 bits of the value. The code is clearer to both
humans and Coverity if we're explicit that we only wanted the low 8
bits, though.

Signed-off-by: Peter Maydell
Reviewed-by: Markus Armbruster
Reviewed-by: Kevin Wolf
---
 hw/ide/atapi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c index fcb6cca1573..e82959dc2d3 100644 --- a/hw/ide/atapi.c 
+++ b/hw/ide/atapi.c 
@@ -265,7 +265,7 @@ void ide_atapi_cmd_reply_end(IDEState *s) byte_count_limit--; size = byte_count_limit; } - s->lcyl = size; + s->lcyl = size & 0xff; s->hcyl = size >> 8; s->elementary_transfer_size = size; /* we cannot transmit more than one sector at a time */

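Review bot: Only the low byte gets an explicit mask; `s->hcyl = size >> 8;` on the next line still relies on size fitting in 16 bits, which the commit message states but this hunk does not show. If size is declared wider than 16 bits, masking the high half as well, `(size >> 8) & 0xff`, would make both assignments explicit and symmetric.
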
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, John Snow, Stefan Weil, "Richard W.M. Jones", Hanna Reitz, Kevin Wolf, qemu-block@nongnu.org
Subject: [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something
Date: Wed, 31 Jul 2024 15:36:15 +0100
Message-Id: <20240731143617.3391947-6-peter.maydell@linaro.org>
In-Reply-To: <20240731143617.3391947-1-peter.maydell@linaro.org>

Coverity complains about an overflow in isa_fdc_get_drive_max_chs()
that can happen if the loop over fd_formats never finds a match,
because we initialize *maxc to 0 and then at the end of the
function decrement it.

This can't ever actually happen because fd_formats has at least
one entry for each FloppyDriveType, so we must at least once
find a match and update *maxc, *maxh and *maxs. Assert that we
did find a match, which should keep Coverity happy and will also
detect possible bugs in the data in fd_formats.

Resolves: Coverity CID 1547663
Signed-off-by: Peter Maydell
Reviewed-by: Markus Armbruster
Reviewed-by: Kevin Wolf
Reviewed-by: Philippe Mathieu-Daudé
---
 hw/block/fdc-isa.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/block/fdc-isa.c b/hw/block/fdc-isa.c index e43dc532af8..796835f57b3 100644 --- a/hw/block/fdc-isa.c +++ b/hw/block/fdc-isa.c 
@@ -147,6 +147,8 @@ static void isa_fdc_get_drive_max_chs(FloppyDriveType type, uint8_t *maxc, *maxs = fdf->last_sect; } } + /* fd_formats must contain at least one entry per FloppyDriveType */ + assert(*maxc); (*maxc)--; }

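Review bot: `assert(*maxc)` tests the output value rather than whether the loop matched, so it would also fire for a matching fd_formats entry that leaves *maxc at 0, and it says nothing about *maxh and *maxs. That is probably acceptable given the comment, but a local flag set inside the loop and asserted here would state the invariant the comment describes directly.
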
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, John Snow, Stefan Weil, "Richard W.M. Jones", Hanna Reitz, Kevin Wolf, qemu-block@nongnu.org
Subject: [PATCH 6/7] hw/ide/pci.c: Remove dead code from bmdma_prepare_buf()
Date: Wed, 31 Jul 2024 15:36:16 +0100
Message-Id: <20240731143617.3391947-7-peter.maydell@linaro.org>
In-Reply-To: <20240731143617.3391947-1-peter.maydell@linaro.org>
References: <20240731143617.3391947-1-peter.maydell@linaro.org>

Coverity notes that the code at the end of the loop in
bmdma_prepare_buf() is unreachable. This is because in commit
9fbf0fa81fca8f527 ("ide: remove hardcoded 2GiB transactional limit")
we removed the only codepath in the loop which could "break" out of
it, but didn't notice that this meant we should also remove the code
at the end of the loop.

Remove the dead code.

Resolves: Coverity CID 1547772
Signed-off-by: Peter Maydell
Reviewed-by: Kevin Wolf
Reviewed-by: Philippe Mathieu-Daudé
---
 hw/ide/pci.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/hw/ide/pci.c b/hw/ide/pci.c
index 4675d079a17..f2cb500a94f 100644
--- a/hw/ide/pci.c
+++ b/hw/ide/pci.c
@@ -266,10 +266,6 @@ static int32_t bmdma_prepare_buf(const IDEDMA *dma, int32_t limit) s->io_buffer_size += l; } } - - qemu_sglist_destroy(&s->sg); - s->io_buffer_size = 0; - return -1; } /* return 0 if buffer completed */
From patchwork Wed Jul 31 14:36:17 2024
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 13748857
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, John Snow, Stefan Weil, "Richard W.M. Jones", Hanna Reitz, Kevin Wolf, qemu-block@nongnu.org
Subject: [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex digits
Date: Wed, 31 Jul 2024 15:36:17 +0100
Message-Id: <20240731143617.3391947-8-peter.maydell@linaro.org>
In-Reply-To: <20240731143617.3391947-1-peter.maydell@linaro.org>
References: <20240731143617.3391947-1-peter.maydell@linaro.org>

In compare_fingerprint() we effectively check whether the characters
in the fingerprint are valid hex digits twice: first we do so with
qemu_isxdigit(), but then the hex2decimal() function also has a code
path where it effectively detects an invalid digit and returns -1.
This causes Coverity to complain because it thinks that we might use
that -1 value in an expression where it would be an integer overflow.

Avoid the double-check of hex digit validity by testing the return
values from hex2decimal() rather than doing separate calls to
qemu_isxdigit().

Signed-off-by: Peter Maydell
Reviewed-by: Kevin Wolf
---
Could alternatively have put a g_assert_non_reached() in hex2decimal(),
but this seemed better to me.
---
 block/ssh.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/block/ssh.c b/block/ssh.c
index 27d582e0e3d..510dd208aba 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -376,13 +376,15 @@ static int compare_fingerprint(const unsigned char *fingerprint, size_t len, unsigned c; while (len > 0) { + unsigned c0, c1; while (*host_key_check == ':') host_key_check++; - if (!qemu_isxdigit(host_key_check[0]) || - !qemu_isxdigit(host_key_check[1])) + c0 = hex2decimal(host_key_check[0]); + c1 = hex2decimal(host_key_check[1]); + if (c0 > 0xf || c1 > 0xf) { return 1; - c = hex2decimal(host_key_check[0]) * 16 + - hex2decimal(host_key_check[1]); + } + c = c0 * 16 + c1; if (c - *fingerprint != 0) return c - *fingerprint; fingerprint++;
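
Review bot: in the isa_fdc_get_drive_max_chs() hunk, assert(*maxc) tests the invariant named in the new comment only indirectly: it relies on *maxc being zero before the lookup and on every matching fd_formats entry raising it, and neither is visible next to the assert. Suggest extending the comment to say that *maxc is still 0 here only when no entry matched the drive type, and that the (*maxc)-- on the next line would otherwise wrap the uint8_t to 255.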
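
Review bot: in the bmdma_prepare_buf() hunk, once the tail is deleted the function body ends straight after the loop's closing brace with no return, so the function is only correct as long as the loop can be left solely by a return inside it. Suggest a short comment at the loop saying so: a break added later would fall off the end of an int32_t function and would also need the qemu_sglist_destroy(&s->sg) and s->io_buffer_size = 0 cleanup that the removed lines used to do.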
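
Review bot: in the compare_fingerprint() hunk, c1 = hex2decimal(host_key_check[1]) now runs unconditionally, whereas the removed condition short-circuited on !qemu_isxdigit(host_key_check[0]) and never looked at host_key_check[1] when the first character was invalid. If host_key_check is a NUL-terminated string and host_key_check[0] is its terminator, the new code reads one byte past the end of the string. Suggest testing c0 before touching the second character: return 1 when c0 > 0xf, and only then compute c1 and test it. Separately, the c0 > 0xf test works only because the -1 from hex2decimal() becomes a large value when stored in an unsigned; a one-line comment on the "unsigned c0, c1;" declaration would stop someone later changing the type to int and silently disabling the check.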