From: Paolo Bonzini <pbonzini@redhat.com>
To: Michael Tokarev <mjt@tls.msk.ru>,
zhanghailiang <zhang.zhanghailiang@huawei.com>,
qemu-trivial@nongnu.org
Cc: sw@weilnetz.de, peter.huangpeng@huawei.com, armbru@redhat.com,
afaerber@suse.de, qemu-devel@nongnu.org
Subject: Re: [Qemu-trivial] [PATCH v2] vt82c686: fix coverity warning about out-of-bounds write
Date: Wed, 10 Dec 2014 10:14:46 +0100 [thread overview]
Message-ID: <54880F06.40302@redhat.com> (raw)
In-Reply-To: <54880B00.3030108@msgid.tls.msk.ru>
On 10/12/2014 09:57, Michael Tokarev wrote:
> 09.12.2014 10:15, zhanghailiang wrote:
>> Refactor superio_ioport_writeb to fix the out of bounds write warning.
>
> Is it just a warning, or real oob write?
> From the code it looks like it's just a warning...
It's a bug.
The simpler patch would have been just to remove the useless assignment
superio_conf->config[superio_conf->index] = data & 0xff;
that is *outside* the switch and not protected by if (can_write). Apart
from this, there is an off-by-one that I'll send a patch for right away.
Paolo
>
> []
>> +
>> + }
>> + if (can_write == true) {
>
> 09.12.2014 17:08, Paolo Bonzini wrote:
>> Michael, can you remove "== true" when applying this patch?
>
> Sure, just did. Does it mean I can add your R-b too? ;)
Sure.
Paolo
WARNING: multiple messages have this Message-ID (diff)
From: Paolo Bonzini <pbonzini@redhat.com>
To: Michael Tokarev <mjt@tls.msk.ru>,
zhanghailiang <zhang.zhanghailiang@huawei.com>,
qemu-trivial@nongnu.org
Cc: sw@weilnetz.de, peter.huangpeng@huawei.com, armbru@redhat.com,
afaerber@suse.de, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [Qemu-trivial] [PATCH v2] vt82c686: fix coverity warning about out-of-bounds write
Date: Wed, 10 Dec 2014 10:14:46 +0100 [thread overview]
Message-ID: <54880F06.40302@redhat.com> (raw)
In-Reply-To: <54880B00.3030108@msgid.tls.msk.ru>
On 10/12/2014 09:57, Michael Tokarev wrote:
> 09.12.2014 10:15, zhanghailiang wrote:
>> Refactor superio_ioport_writeb to fix the out of bounds write warning.
>
> Is it just a warning, or real oob write?
> From the code it looks like it's just a warning...
It's a bug.
The simpler patch would have been just to remove the useless assignment
superio_conf->config[superio_conf->index] = data & 0xff;
that is *outside* the switch and not protected by if (can_write). Apart
from this, there is an off-by-one that I'll send a patch for right away.
Paolo
>
> []
>> +
>> + }
>> + if (can_write == true) {
>
> 09.12.2014 17:08, Paolo Bonzini wrote:
>> Michael, can you remove "== true" when applying this patch?
>
> Sure, just did. Does it mean I can add your R-b too? ;)
Sure.
Paolo
next prev parent reply other threads:[~2014-12-10 9:15 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-09 7:15 [Qemu-trivial] [PATCH v2] vt82c686: fix coverity warning about out-of-bounds write zhanghailiang
2014-12-09 7:15 ` [Qemu-devel] " zhanghailiang
2014-12-09 14:08 ` [Qemu-trivial] " Paolo Bonzini
2014-12-09 14:08 ` [Qemu-devel] " Paolo Bonzini
2014-12-10 8:57 ` [Qemu-trivial] " Michael Tokarev
2014-12-10 8:57 ` [Qemu-devel] " Michael Tokarev
2014-12-10 9:14 ` Paolo Bonzini [this message]
2014-12-10 9:14 ` Paolo Bonzini
2014-12-10 9:20 ` zhanghailiang
2014-12-10 9:20 ` [Qemu-devel] " zhanghailiang
2014-12-10 9:53 ` Paolo Bonzini
2014-12-10 9:53 ` [Qemu-devel] " Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54880F06.40302@redhat.com \
--to=pbonzini@redhat.com \
--cc=afaerber@suse.de \
--cc=armbru@redhat.com \
--cc=mjt@tls.msk.ru \
--cc=peter.huangpeng@huawei.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-trivial@nongnu.org \
--cc=sw@weilnetz.de \
--cc=zhang.zhanghailiang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.