|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v1.1 for-4.11 0/3] vpci bugfixes
>>> On 26.03.18 at 13:28, <roger.pau@xxxxxxxxxx> wrote: > This tree patches are bugfixes for the vPCI code merged last week. They > where spotted by Coverity. Thanks for dealing with them. You having omitted Coverity IDs I suppose the report you've looked at was from the XenServer internal instance. That would also explain why you have a fix for an issue the open source instance didn't spot. It spotted another issue though: *** CID 1430809: (BAD_SHIFT) /xen/drivers/vpci/vpci.c: 382 in vpci_read() 376 size - data_offset); 377 378 data = merge_result(data, tmp_data, size - data_offset, data_offset); 379 } 380 spin_unlock(&pdev->vpci->lock); 381 >>> CID 1430809: (BAD_SHIFT) >>> In expression "0xffffffffU >> 32U - 8U * size", right shifting by more >>> than 31 bits has undefined behavior. The shift amount, "32U - 8U * size", >>> is 32. 382 return data & (0xffffffff >> (32 - 8 * size)); 383 } And indeed there's no way I can see that it could prove size to only ever be 1, 2, or 4. I can't figure whether they've actually found a code path where size could end up being zero here. I think/hope a suitable ASSERT() would help. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |