From: Kevin Wolf <kwolf@redhat.com>
To: anthony@codemonkey.ws
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 03/11] ide: Fix error messages from static code analysis (no real error)
Date: Fri, 14 Sep 2012 14:39:04 +0200
Message-ID: <1347626352-6023-4-git-send-email-kwolf@redhat.com>
In-Reply-To: <1347626352-6023-1-git-send-email-kwolf@redhat.com>

From: Stefan Weil <sw@weilnetz.de>

Report from smatch:
hw/ide/core.c:1472 ide_exec_cmd(423) error: buffer overflow 'smart_attributes' 8 <= 29
hw/ide/core.c:1474 ide_exec_cmd(425) error: buffer overflow 'smart_attributes' 8 <= 29
hw/ide/core.c:1475 ide_exec_cmd(426) error: buffer overflow 'smart_attributes' 8 <= 29
...

The upper limit of 30 was never reached because both for loops terminated
when 'smart_attributes' reached end of list, so there was no real buffer
overflow.

Nevertheless, changing the code not only fixes the error report, but also
reduces the size of smart_attributes and simplifies the for loops.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 hw/ide/core.c |   11 ++---------
 1 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index d65ef3d..d6fb69c 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -53,8 +53,6 @@ static const int smart_attributes[][12] = {
     { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* airflow-temperature-celsius */
     { 190,  0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
-    /* end of list */
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
 };
 
 static int ide_handle_rw_error(IDEState *s, int error, int op);
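Review bot: dropping the all-zero terminator row at the end of smart_attributes is only safe if nothing else walks the table until it sees an attribute id of 0. This patch converts two loops in ide_exec_cmd; please confirm no other user still relies on the sentinel, since such a loop would now read past the last row. A short comment above the table stating that it is unterminated and must be iterated with ARRAY_SIZE(smart_attributes) would document the new contract.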
@@ -1468,9 +1466,7 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
 	case SMART_READ_THRESH:
 		memset(s->io_buffer, 0, 0x200);
 		s->io_buffer[0] = 0x01; /* smart struct version */
-		for (n=0; n<30; n++) {
-		if (smart_attributes[n][0] == 0)
-			break;
+		for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
 		s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
 		s->io_buffer[2+1+(n*12)] = smart_attributes[n][11];
 		}
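Review bot: in the SMART_READ_THRESH loop the writes to s->io_buffer[2+1+(n*12)] are now bounded only by the table size, while the region cleared just above is 0x200 bytes. The old n<30 cap kept the highest index (2+1+29*12) inside that region no matter what the table contained; with ARRAY_SIZE the guarantee depends on nobody growing smart_attributes beyond what fits. A build-time assertion that 2 + 12 * ARRAY_SIZE(smart_attributes) does not exceed 0x200 would keep that invariant explicit.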
@@ -1484,10 +1480,7 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
 	case SMART_READ_DATA:
 		memset(s->io_buffer, 0, 0x200);
 		s->io_buffer[0] = 0x01; /* smart struct version */
-		for (n=0; n<30; n++) {
-		    if (smart_attributes[n][0] == 0) {
-			break;
-		    }
+		for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
 		    int i;
 		    for(i = 0; i < 11; i++) {
 			s->io_buffer[2+i+(n*12)] = smart_attributes[n][i];
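Review bot: the new condition n < ARRAY_SIZE(smart_attributes) in the SMART_READ_DATA loop compares n against an unsigned value, assuming ARRAY_SIZE is the usual sizeof quotient. The declaration of n is not visible in this patch, so if it is a plain int this is a signed/unsigned comparison; declaring n as unsigned avoids the warning, and the same applies to the identical loop header in SMART_READ_THRESH. Separately, the inner loop still hard-codes 11 and the stride 12 next to a table declared with 12 columns; named constants would tie the three together.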
-- 
1.7.6.5
