mirror of https://gitee.com/openkylin/qemu.git
virito-pci: fix OVERRUN problem
Overrunning array "proxy->guest_features" of 2 4-byte elements at element index 2 (byte offset 8) using index "proxy->gfselect" (which evaluates to 2). Normally, the Linux kernel driver just read/write '0' or '1' as the "proxy->gfselect" values, so using '<' instead of '=<' to make coverity happy and avoid potential harm. Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
parent
0c8ff723bd
commit
3750dabc69
|
@ -977,7 +977,7 @@ static uint64_t virtio_pci_common_read(void *opaque, hwaddr addr,
|
|||
val = proxy->gfselect;
|
||||
break;
|
||||
case VIRTIO_PCI_COMMON_GF:
|
||||
if (proxy->gfselect <= ARRAY_SIZE(proxy->guest_features)) {
|
||||
if (proxy->gfselect < ARRAY_SIZE(proxy->guest_features)) {
|
||||
val = proxy->guest_features[proxy->gfselect];
|
||||
}
|
||||
break;
|
||||
|
@ -1052,7 +1052,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
|
|||
proxy->gfselect = val;
|
||||
break;
|
||||
case VIRTIO_PCI_COMMON_GF:
|
||||
if (proxy->gfselect <= ARRAY_SIZE(proxy->guest_features)) {
|
||||
if (proxy->gfselect < ARRAY_SIZE(proxy->guest_features)) {
|
||||
proxy->guest_features[proxy->gfselect] = val;
|
||||
virtio_set_features(vdev,
|
||||
(((uint64_t)proxy->guest_features[1]) << 32) |
|
||||
|
|
Loading…
Reference in New Issue