From: Paolo Bonzini
Date: Wed, 10 Dec 2014 10:14:46 +0100
Subject: Re: [Qemu-devel] [Qemu-trivial] [PATCH v2] vt82c686: fix coverity warning about out-of-bounds write
To: Michael Tokarev, zhanghailiang, qemu-trivial@nongnu.org
Cc: sw@weilnetz.de, peter.huangpeng@huawei.com, armbru@redhat.com, afaerber@suse.de, qemu-devel@nongnu.org
Message-ID: <54880F06.40302@redhat.com>
In-Reply-To: <54880B00.3030108@msgid.tls.msk.ru>

On 10/12/2014 09:57, Michael Tokarev wrote:
> 09.12.2014 10:15, zhanghailiang wrote:
>> Refactor superio_ioport_writeb to fix the out of bounds write warning.
>
> Is it just a warning, or real oob write?
> From the code it looks like it's just a warning...

It's a bug. The simpler patch would have been just to remove the
useless assignment

    superio_conf->config[superio_conf->index] = data & 0xff;

that is *outside* the switch and not protected by if (can_write).

Apart from this, there is an off-by-one that I'll send a patch for right
away.

Paolo

>
> []
>> +
>> + }
>> + if (can_write == true) {
>
> 09.12.2014 17:08, Paolo Bonzini wrote:
>> Michael, can you remove "== true" when applying this patch?
>
> Sure, just did. Does it mean I can add your R-b too? ;)

Sure.

Paolo
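
Review bot: `if (can_write == true)` in the last quoted line compares a boolean against `true`; `if (can_write)` is the usual form. The store into `superio_conf->config[]` should also exist only inside this guarded block, since the reply above identifies the copy left outside the switch as the out-of-bounds write.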
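
The bug class discussed in this message, as an added example that is not QEMU's code and not part of the original thread: a hypothetical index/data register model comparing a store placed after the switch with one gated on the write check and an index bound. `ConfModel`, `CONF_SIZE`, the read-only registers and the canary byte are all assumptions; in particular, the array being one entry short of the 8-bit index range is only an assumed way for an off-by-one to arise, since the message does not say where the real one is.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define CONF_SIZE 0xff          /* assumed size: one short of uint8_t's 256 values */
#define CANARY    0xa5          /* constructed marker for the byte past config */

typedef struct {
    uint8_t mem[CONF_SIZE + 1]; /* config[0..CONF_SIZE-1] plus one canary byte */
    uint8_t index;              /* selected by a write to the index port */
} ConfModel;

static void conf_reset(ConfModel *s)
{
    memset(s->mem, 0, CONF_SIZE);
    s->mem[CONF_SIZE] = CANARY;
    s->index = 0;
}

static bool can_write_index(uint8_t index)
{
    switch (index) {
    case 0x00:
    case 0x01:                  /* constructed read-only registers */
        return false;
    default:
        return true;
    }
}

/* Pattern under discussion: the store sits after the switch, so it runs
 * whatever can_write says and with no check on the index. */
static void data_write_unguarded(ConfModel *s, uint8_t data)
{
    bool can_write = can_write_index(s->index);
    (void)can_write;
    s->mem[s->index] = data;
}

/* Store only when the register is writable and the index is inside config. */
static bool data_write_guarded(ConfModel *s, uint8_t data)
{
    if (!can_write_index(s->index) || s->index >= CONF_SIZE) {
        return false;
    }
    s->mem[s->index] = data;
    return true;
}

static bool canary_intact(const ConfModel *s)
{
    return s->mem[CONF_SIZE] == CANARY;
}
```

The canary byte keeps the demonstration inside allocated memory, so the overrun is observable without undefined behaviour.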