[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 1/2] xen-pt: fix Negative array index read
From: |
arei.gonglei |
Subject: |
[Qemu-devel] [PATCH 1/2] xen-pt: fix Negative array index read |
Date: |
Sat, 31 Jan 2015 15:27:56 +0800 |
From: Gonglei <address@hidden>
Coverity spot:
Function xen_pt_bar_offset_to_index() may returns a negative
number (-1) value index, which as an index to array d->io_regions.
Let's directly and simply pass index as an argument to
xen_pt_bar_reg_parse().
Signed-off-by: Gonglei <address@hidden>
---
hw/xen/xen_pt_config_init.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index de9a20f..710fe50 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -360,15 +360,13 @@ static uint64_t xen_pt_get_bar_size(PCIIORegion *r)
}
static XenPTBarFlag xen_pt_bar_reg_parse(XenPCIPassthroughState *s,
- XenPTRegInfo *reg)
+ int index)
{
PCIDevice *d = &s->dev;
XenPTRegion *region = NULL;
PCIIORegion *r;
- int index = 0;
/* check 64bit BAR */
- index = xen_pt_bar_offset_to_index(reg->offset);
if ((0 < index) && (index < PCI_ROM_SLOT)) {
int type = s->real_device.io_regions[index - 1].type;
@@ -422,7 +420,7 @@ static int xen_pt_bar_reg_init(XenPCIPassthroughState *s,
XenPTRegInfo *reg,
}
/* set BAR flag */
- s->bases[index].bar_flag = xen_pt_bar_reg_parse(s, reg);
+ s->bases[index].bar_flag = xen_pt_bar_reg_parse(s, index);
if (s->bases[index].bar_flag == XEN_PT_BAR_FLAG_UNUSED) {
reg_field = XEN_PT_INVALID_REG;
}
--
1.7.12.4