[PULL 19/28] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	"Markus Armbruster" <armbru@redhat.com>,
	"Kevin Wolf" <kwolf@redhat.com>,
	"Philippe Mathieu-Daudé" <philmd@linaro.org>
Subject: [PULL 19/28] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates
Date: Tue,  6 Aug 2024 14:51:47 +0200	[thread overview]
Message-ID: <20240806125157.91185-20-philmd@linaro.org> (raw)
In-Reply-To: <20240806125157.91185-1-philmd@linaro.org>

From: Peter Maydell <peter.maydell@linaro.org>

In ide_atapi_cmd_reply_end() we calculate a 16-bit size, and then
assign its two halves to s->lcyl and s->hcyl like this:

           s->lcyl = size;
           s->hcyl = size >> 8;

Coverity warns that the first line here can overflow the
8-bit s->lcyl variable. This is true, and in this case we're
deliberately only after the low 8 bits of the value. The
code is clearer to both humans and Coverity if we're explicit
that we only wanted the low 8 bits, though.

Resolves: Coverity CID 1547621
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20240731143617.3391947-5-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 hw/ide/atapi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index fcb6cca157..e82959dc2d 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -265,7 +265,7 @@ void ide_atapi_cmd_reply_end(IDEState *s)
                     byte_count_limit--;
                 size = byte_count_limit;
             }
-            s->lcyl = size;
+            s->lcyl = size & 0xff;
             s->hcyl = size >> 8;
             s->elementary_transfer_size = size;
             /* we cannot transmit more than one sector at a time */
-- 
2.45.2

next prev parent reply	other threads:[~2024-08-06 13:01 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-06 12:51 [PULL 00/28] Misc HW & UI patches for 2024-08-06 Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 01/28] hw/intc/loongson_ipi: Rename LoongsonIPI -> LoongsonIPIState Philippe Mathieu-Daudé
2024-08-07  7:14   ` maobibo
2024-08-07  7:24     ` Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 02/28] hw/intc/loongson_ipi: Extract loongson_ipi_common_realize() Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 03/28] hw/intc/loongson_ipi: Add TYPE_LOONGSON_IPI_COMMON stub Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 04/28] hw/intc/loongson_ipi: Move common definitions to loongson_ipi_common.h Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 05/28] hw/intc/loongson_ipi: Move IPICore::mmio_mem to LoongsonIPIState Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 06/28] hw/intc/loongson_ipi: Move IPICore structure to loongson_ipi_common.h Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 07/28] hw/intc/loongson_ipi: Pass LoongsonIPICommonState to send_ipi_data() Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 08/28] hw/intc/loongson_ipi: Add LoongsonIPICommonClass::get_iocsr_as handler Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 09/28] hw/intc/loongson_ipi: Add LoongsonIPICommonClass::cpu_by_arch_id handler Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 10/28] hw/intc/loongson_ipi: Expose loongson_ipi_core_read/write helpers Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 11/28] hw/intc/loongson_ipi: Move common code to loongson_ipi_common.c Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 12/28] hw/intc/loongarch_ipi: Add loongarch IPI support Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 13/28] hw/loongarch/virt: Replace Loongson IPI with LoongArch IPI Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 14/28] hw/intc/loongson_ipi: Restrict to MIPS Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 15/28] hw/sd/sdcard: Explicit dummy byte value Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 16/28] hw/sd/sdcard: Do not abort when reading DAT lines on invalid cmd state Philippe Mathieu-Daudé
2024-08-11  7:41   ` Michael Tokarev
2024-08-06 12:51 ` [PULL 17/28] hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 18/28] hw/block/pflash_cfi01: Don't decrement pfl->counter below 0 Philippe Mathieu-Daudé
2024-08-06 12:51 ` Philippe Mathieu-Daudé [this message]
2024-08-06 12:51 ` [PULL 20/28] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 21/28] hw/ide/pci: Remove dead code from bmdma_prepare_buf() Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 22/28] hw/display/virtio-gpu: Improve "opengl is not available" error message Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 23/28] system/vl.c: Expand OpenGL related errors Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 24/28] ui/console: Note in '-display help' that some backends support suboptions Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 25/28] hw/pci-host/gt64120: Set PCI base address register write mask Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 26/28] hw/pci-host/gt64120: Reset config registers during RESET phase Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 27/28] docs/specs/pci-ids: Add missing devices Philippe Mathieu-Daudé
2024-08-06 12:51 ` [PULL 28/28] docs/specs/pci-ids: Fix markup Philippe Mathieu-Daudé
2024-08-06 21:08 ` [PULL 00/28] Misc HW & UI patches for 2024-08-06 Richard Henderson

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:fcb6cca15 dfblob:e82959dc2 )
 OR (
bs:"[PULL 19/28] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240806125157.91185-20-philmd@linaro.org \
    --to=philmd@linaro.org \
    --cc=armbru@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).