Re: [PATCH 1/2] migration: Assert that migrate_multifd_compression() ret
From: Dr. David Alan Gilbert
Subject: Re: [PATCH 1/2] migration: Assert that migrate_multifd_compression() returns an in-range value
Date: Thu, 21 Jul 2022 13:02:49 +0100
User-agent: Mutt/2.2.6 (2022-06-05)
* Peter Maydell (peter.maydell@linaro.org) wrote:
> Coverity complains that when we use the return value from
> migrate_multifd_compression() as an array index:
> multifd_recv_state->ops = multifd_ops[migrate_multifd_compression()];
>
> that this might overrun the array (which is declared to have size
> MULTIFD_COMPRESSION__MAX). This is because the function return type
> is MultiFDCompression, which is an autogenerated enum. The code
> generator includes the "one greater than the maximum possible value"
> MULTIFD_COMPRESSION__MAX in the enum, even though this is not
> actually a valid value for the enum, and this makes Coverity think
> that migrate_multifd_compression() could return that __MAX value and
> index off the end of the array.
>
> Suppress the Coverity error by asserting that the value we're going
> to return is within range.
>
> Resolves: Coverity CID 1487239, 1487254
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> ---
> migration/migration.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/migration/migration.c b/migration/migration.c
> index e03f698a3ca..befd4c58a69 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -2617,6 +2617,7 @@ MultiFDCompression migrate_multifd_compression(void)
>
> s = migrate_get_current();
>
> + assert(s->parameters.multifd_compression < MULTIFD_COMPRESSION__MAX);
> return s->parameters.multifd_compression;
> }
>
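Review bot: the assert added before the return in migrate_multifd_compression() has no comment saying why it is there. A one-line comment noting that MULTIFD_COMPRESSION__MAX is the code generator's one-past-the-end sentinel, and that the return value is used as an index into multifd_ops[], would stop it being removed later as redundant. The check also bounds the value only from above, so whether a negative value could get past it depends on the enum's underlying type, which these lines do not show.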
> --
> 2.25.1
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK