diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2025-07-10 17:15:52 +0100 |
|---|---|---|
| committer | Thomas Huth <thuth@redhat.com> | 2025-07-11 09:42:47 +0200 |
| commit | 3ffa21d293bf5e4f997ba117ee3e943344b71044 (patch) | |
| tree | 240051d2497571e50376fe3d1c316a3326869b5c /scripts/qapi/backend.py | |
| parent | 79d7e60c326bcb9d165e5d52a29b238937bedd8d (diff) | |
| download | focaccia-qemu-3ffa21d293bf5e4f997ba117ee3e943344b71044.tar.gz focaccia-qemu-3ffa21d293bf5e4f997ba117ee3e943344b71044.zip | |
hw/s390x/s390-pci-bus.c: Use g_assert_not_reached() in functions taking an ett
The s390-pci-bus.c code, Coverity complains about a possible overflow because get_table_index() can return -1 if the ett value passed in is not one of the three permitted ZPCI_ETT_PT, ZPCI_ETT_ST, ZPCI_ETT_RT, but the caller in table_translate() doesn't check this and instead uses the return value directly in a calculation of the guest address to read from. In fact this case cannot happen, because: * get_table_index() is called only from table_translate() * the only caller of table_translate() loops through the ett values in the order RT, ST, PT until table_translate() returns 0 * table_translate() will return 0 for the error cases and when translate_iscomplete() returns true * translate_iscomplete() is always true for ZPCI_ETT_PT So table_translate() is always called with a valid ett value. Instead of having the various functions called from table_translate() return a default or dummy value when the ett argument is out of range, use g_assert_not_reached() to indicate that this is impossible. Coverity: CID 1547609 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com> Reviewed-by: Halil Pasic <pasic@linux.ibm.com> Message-ID: <20250710161552.1287399-1-peter.maydell@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Diffstat (limited to 'scripts/qapi/backend.py')
0 files changed, 0 insertions, 0 deletions