Re: [Qemu-devel] [PATCH v2] xilinx_spips: Correct usage of an uninitiali

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2] xilinx_spips: Correct usage of an uninitiali

From:	Peter Maydell
Subject:	Re: [Qemu-devel] [PATCH v2] xilinx_spips: Correct usage of an uninitialized local variable
Date:	Mon, 22 Jan 2018 11:17:07 +0000

On 17 January 2018 at 21:34, Francisco Iglesias
<address@hidden> wrote:
> Coverity found that the variable tx_rx in the function
> xilinx_spips_flush_txfifo was being used uninitialized (CID 1383841). This
> patch corrects this by always initializing tx_rx to zeros.
>
> Signed-off-by: Francisco Iglesias <address@hidden>
>
> ---
> v2. Add a sanity check on the num_busses property when realizing the
>     devices.
> ---
>  hw/ssi/xilinx_spips.c | 13 ++++++++++++-
>  1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
> index 85c5d0c..12f1de9 100644
> --- a/hw/ssi/xilinx_spips.c
> +++ b/hw/ssi/xilinx_spips.c
> @@ -210,6 +210,9 @@
>  #define SNOOP_NONE 0xEE
>  #define SNOOP_STRIPING 0
>
> +#define MIN_NUM_BUSSES 1
> +#define MAX_NUM_BUSSES 2
> +
>  static inline int num_effective_busses(XilinxSPIPS *s)
>  {
>      return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS &&
> @@ -573,7 +576,7 @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
>      for (;;) {
>          int i;
>          uint8_t tx = 0;
> -        uint8_t tx_rx[num_effective_busses(s)];
> +        uint8_t tx_rx[MAX_NUM_BUSSES] = { 0 };
>          uint8_t dummy_cycles = 0;
>          uint8_t addr_length;
>
> @@ -1221,6 +1224,14 @@ static void xilinx_spips_realize(DeviceState *dev, 
> Error **errp)
>
>      DB_PRINT_L(0, "realized spips\n");
>
> +    if (s->num_busses < MIN_NUM_BUSSES || s->num_busses > MAX_NUM_BUSSES) {
> +        qemu_log_mask(LOG_GUEST_ERROR,
> +                      "%s: Invalid number of spi busses requested, "
> +                      "will default to use one bus\n",
> +                      __func__);
> +        s->num_busses = 1;

Realize functions should report errors in their parameters via the Error**
parameter (which will cause the realize operation to fail, which the caller
can deal with appropriately). Here's an example from the realize function
for the GICv3:

    if (s->num_irq > GICV3_MAXIRQ) {
        error_setg(errp,
                   "requested %u interrupt lines exceeds GIC maximum %d",
                   s->num_irq, GICV3_MAXIRQ);
        return;
    }

(Note no trailing \n required for error_setg strings, unlike qemu_log_mask.)

thanks
-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v2] xilinx_spips: Correct usage of an uninitialized local variable, Francisco Iglesias, 2018/01/17
- Re: [Qemu-devel] [PATCH v2] xilinx_spips: Correct usage of an uninitialized local variable, Peter Maydell <=
  - Re: [Qemu-devel] [PATCH v2] xilinx_spips: Correct usage of an uninitialized local variable, francisco iglesias, 2018/01/22

Prev by Date: Re: [Qemu-devel] [PATCH] target/arm: Fix 32-bit address truncation
Next by Date: [Qemu-devel] [PULL 2/9] tests/cpu-plug-test: Check the CPU hot-plugging with device_add, too
Previous by thread: [Qemu-devel] [PATCH v2] xilinx_spips: Correct usage of an uninitialized local variable
Next by thread: Re: [Qemu-devel] [PATCH v2] xilinx_spips: Correct usage of an uninitialized local variable
Index(es):
- Date
- Thread