[Qemu-devel] [PATCH 03/11] ide: Fix error messages from static code analysis (no real error)

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Kevin Wolf <kwolf@redhat.com>
To: anthony@codemonkey.ws
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 03/11] ide: Fix error messages from static code analysis (no real error)
Date: Fri, 14 Sep 2012 14:39:04 +0200	[thread overview]
Message-ID: <1347626352-6023-4-git-send-email-kwolf@redhat.com> (raw)
In-Reply-To: <1347626352-6023-1-git-send-email-kwolf@redhat.com>

From: Stefan Weil <sw@weilnetz.de>

Report from smatch:
hw/ide/core.c:1472 ide_exec_cmd(423) error: buffer overflow 'smart_attributes' 8 <= 29
hw/ide/core.c:1474 ide_exec_cmd(425) error: buffer overflow 'smart_attributes' 8 <= 29
hw/ide/core.c:1475 ide_exec_cmd(426) error: buffer overflow 'smart_attributes' 8 <= 29
...

The upper limit of 30 was never reached because both for loops terminated
when 'smart_attributes' reached end of list, so there was no real buffer
overflow.

Nevertheless, changing the code not only fixes the error report, but also
reduces the size of smart_attributes and simplifies the for loops.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 hw/ide/core.c |   11 ++---------
 1 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index d65ef3d..d6fb69c 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -53,8 +53,6 @@ static const int smart_attributes[][12] = {
     { 0x0c, 0x03, 0x00, 0x64, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* airflow-temperature-celsius */
     { 190,  0x03, 0x00, 0x45, 0x45, 0x1f, 0x00, 0x1f, 0x1f, 0x00, 0x00, 0x32},
-    /* end of list */
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
 };
 
 static int ide_handle_rw_error(IDEState *s, int error, int op);
@@ -1468,9 +1466,7 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
 	case SMART_READ_THRESH:
 		memset(s->io_buffer, 0, 0x200);
 		s->io_buffer[0] = 0x01; /* smart struct version */
-		for (n=0; n<30; n++) {
-		if (smart_attributes[n][0] == 0)
-			break;
+		for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
 		s->io_buffer[2+0+(n*12)] = smart_attributes[n][0];
 		s->io_buffer[2+1+(n*12)] = smart_attributes[n][11];
 		}
@@ -1484,10 +1480,7 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
 	case SMART_READ_DATA:
 		memset(s->io_buffer, 0, 0x200);
 		s->io_buffer[0] = 0x01; /* smart struct version */
-		for (n=0; n<30; n++) {
-		    if (smart_attributes[n][0] == 0) {
-			break;
-		    }
+		for (n = 0; n < ARRAY_SIZE(smart_attributes); n++) {
 		    int i;
 		    for(i = 0; i < 11; i++) {
 			s->io_buffer[2+i+(n*12)] = smart_attributes[n][i];
-- 
1.7.6.5

next prev parent reply	other threads:[~2012-09-14 12:39 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-09-14 12:39 [Qemu-devel] [PULL 00/11] Block patches Kevin Wolf
2012-09-14 12:39 ` [Qemu-devel] [PATCH 01/11] sheepdog: fix savevm and loadvm Kevin Wolf
2012-09-14 12:39 ` [Qemu-devel] [PATCH 02/11] ATAPI: STARTSTOPUNIT only eject/load media if powercondition is 0 Kevin Wolf
2012-09-14 12:39 ` Kevin Wolf [this message]
2012-09-14 12:39 ` [Qemu-devel] [PATCH 04/11] block/curl: Fix wrong free statement Kevin Wolf
2012-09-14 12:39 ` [Qemu-devel] [PATCH 05/11] vdi: Fix warning from clang Kevin Wolf
2012-09-14 12:39 ` [Qemu-devel] [PATCH 06/11] block: fix block tray status Kevin Wolf
2012-09-14 12:39 ` [Qemu-devel] [PATCH 07/11] ahci: properly reset PxCMD on HBA reset Kevin Wolf
2012-09-14 12:39 ` [Qemu-devel] [PATCH 08/11] qapi: Add SnapshotInfo and ImageInfo Kevin Wolf
2012-09-14 12:39 ` [Qemu-devel] [PATCH 09/11] qemu-img: Add json output option to the info command Kevin Wolf
2012-09-14 12:39 ` [Qemu-devel] [PATCH 10/11] Don't require encryption password for 'qemu-img info' command Kevin Wolf
2012-09-14 12:39 ` [Qemu-devel] [PATCH 11/11] block: Don't forget to delete temporary file Kevin Wolf
2012-09-17 18:19 ` [Qemu-devel] [PULL 00/11] Block patches Anthony Liguori
2012-09-18 17:49 ` Michael Tokarev
2012-09-19  8:42   ` Kevin Wolf

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d65ef3d dfblob:d6fb69c )
 OR (
bs:"[Qemu-devel] [PATCH 03/11] ide: Fix error messages from static code analysis (no real error)" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1347626352-6023-4-git-send-email-kwolf@redhat.com \
    --to=kwolf@redhat.com \
    --cc=anthony@codemonkey.ws \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).