From: Markus Armbruster <armbru@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@linaro.org>
Cc: Peter Maydell <peter.maydell@linaro.org>,
qemu-devel@nongnu.org, sstabellini@kernel.org,
anthony@xenproject.org, paul@xen.org, edgar.iglesias@gmail.com,
xen-devel@lists.xenproject.org, qemu-trivial@nongnu.org
Subject: Re: [PATCH] hw/display/xenfb: Replace unreachable code by abort()
Date: Wed, 15 Oct 2025 07:50:29 +0200 [thread overview]
Message-ID: <87y0pck922.fsf@pond.sub.org> (raw)
In-Reply-To: <2cad2907-5a93-4630-856f-7237063eb3ce@linaro.org> ("Philippe Mathieu-Daudé"'s message of "Tue, 14 Oct 2025 17:19:31 +0200")
Philippe Mathieu-Daudé <philmd@linaro.org> writes:
> On 14/10/25 14:59, Peter Maydell wrote:
>> On Tue, 14 Oct 2025 at 09:36, Peter Maydell <peter.maydell@linaro.org> wrote:
>>>
>>> On Tue, 29 Jul 2025 at 12:14, Markus Armbruster <armbru@redhat.com> wrote:
>>>>
>>>> xenfb_mouse_event() has a switch statement whose controlling
>>>> expression move->axis is an enum InputAxis. The enum values are
>>>> INPUT_AXIS_X and INPUT_AXIS_Y, encoded as 0 and 1. The switch has a
>>>> case for both axes. In addition, it has an unreachable default label.
>>>> This convinces Coverity that move->axis can be greater than 1. It
>>>> duly reports a buffer overrun when it is used to subscript an array
>>>> with two elements.
>>>
>>> I think also that Coverity gets confused by QAPI's convention
>>> in generated code of defining enumerations like this:
>>>
>>> typedef enum InputAxis {
>>> INPUT_AXIS_X,
>>> INPUT_AXIS_Y,
>>> INPUT_AXIS__MAX,
>>> } InputAxis;
>>>
>>> Coverity thinks that INPUT_AXIS__MAX might be a valid
>>> value it can see in move->axis, because we defined the
>>> enum that way.
>>>
>>> In theory I suppose that since the __MAX value is only
>>> there to be an array or enumeration bound
Correct.
>>> that we could
>>> emit code that #defines it rather than making it part
>>> of the enum.
I'd love that, but it's harder than it has any right to be; see the
message Philippe referred to below.
>> Also, there's an argument that this function should
>> ignore unknown input-axis enum values. If we ever in future
>> extend this to support a Z-axis, it would be better to
>> ignore the events we can't send, the same way we already
>> do for unknown INPUT_EVENT_KIND_BTN button types, rather
>> than aborting.
No objection.
>> But it's not very important, so the
>> g_assert_not_reached() will do.
>>
>> (In some other languages, we'd get a compile failure for
>> adding a new value to the enum that we didn't handle.
>> But not in C :-))
>
> See this thread where it was discussed (until I gave up...):
> https://lore.kernel.org/qemu-devel/873564spze.fsf@pond.sub.org/
prev parent reply other threads:[~2025-10-15 5:51 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-29 11:12 [PATCH] hw/display/xenfb: Replace unreachable code by abort() Markus Armbruster
2025-07-29 11:26 ` Philippe Mathieu-Daudé
2025-07-29 12:16 ` Markus Armbruster
2025-07-29 12:59 ` Philippe Mathieu-Daudé
2025-07-29 13:16 ` Daniel P. Berrangé
2025-10-13 11:10 ` Markus Armbruster
2025-10-13 14:14 ` Philippe Mathieu-Daudé
2025-10-13 19:17 ` Bernhard Beschow
2025-10-14 7:42 ` Markus Armbruster
2025-10-14 8:36 ` Peter Maydell
2025-10-14 12:59 ` Peter Maydell
2025-10-14 15:19 ` Philippe Mathieu-Daudé
2025-10-15 5:50 ` Markus Armbruster [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y0pck922.fsf@pond.sub.org \
--to=armbru@redhat.com \
--cc=anthony@xenproject.org \
--cc=edgar.iglesias@gmail.com \
--cc=paul@xen.org \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-trivial@nongnu.org \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.