Re: [Qemu-devel] [PATCH v3 4/4] vga: Fix divide-by-zero in vga_update_text
From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH v3 4/4] vga: Fix divide-by-zero in vga_update_text
Date: Thu, 12 Jun 2014 12:43:50 +0200
Hi,
> 2097 if (cursor_visible && cursor_offset < size && cursor_offset >= 0)
> (23) Event divide_by_zero: In expression "cursor_offset / width",
> division by expression "width" which may be zero has undefined behavior.
> - if (cursor_visible && cursor_offset < size && cursor_offset >= 0)
> + if (cursor_visible && cursor_offset < size && cursor_offset > 0)
> dpy_text_cursor(s->con,
> TEXTMODE_X(cursor_offset),
> TEXTMODE_Y(cursor_offset));
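Review bot: the `>= 0` to `> 0` change in this hunk does not touch the divisor Coverity flags: the report is about "cursor_offset / width" with `width` possibly zero, and `cursor_offset` is the dividend, so the division is as reachable after the patch as before. The change also has a functional cost: `cursor_offset == 0` is the cursor in the top-left cell, and the new condition stops `dpy_text_cursor()` from being called for it. Drop this hunk and instead address `width` where it is computed (`width = (s->cr[VGA_CRTC_H_DISP] + 1)` per the discussion); if the concern is that the value can wrap to zero, guard or clamp `width` there rather than narrowing the cursor check.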
That doesn't fix the reported issue. It's "width" which Coverity thinks
might be zero, not cursor_offset. And cursor_offset being zero is
perfectly fine, happens when the cursor is in the upper left corner.
I have no idea why Coverity thinks width can be zero there. Line 2047:
width = (s->cr[VGA_CRTC_H_DISP] + 1);
(where cr is uint8_t). Hmm, maybe for the wraparound case (i.e.
s->cr[VGA_CRTC_H_DISP] == 0xff)?
cheers,
Gerd
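The wraparound question above is really a question about integer promotion, so here is a small added example (not QEMU code, and not from this thread) that shows both outcomes. The register index `H_DISP_IDX`, the register array, and the `text_cursor_xy()` helper are constructed for illustration; the page does not show the definitions of `TEXTMODE_X`/`TEXTMODE_Y`, so the helper only assumes, as the Coverity message implies, that the Y coordinate is `cursor_offset / width` and takes the X coordinate to be the remainder. It also keeps the `cursor_offset == 0` case working, since that is the upper-left corner and must not be rejected.

```c
#include <stdint.h>

/* Constructed stand-in for the CRTC register file; the index is hypothetical,
 * not the real VGA_CRTC_H_DISP value. */
#define H_DISP_IDX 1

/* Width the way the quoted expression computes it: cr[] is uint8_t, but the
 * addition is done in int after promotion, so 0xff + 1 yields 256, never 0. */
static int text_width_int(const uint8_t *cr)
{
    return cr[H_DISP_IDX] + 1;
}

/* The wraparound only happens if the sum is narrowed back to 8 bits: here
 * 0xff + 1 is truncated to 0, which is exactly the divide-by-zero hazard. */
static uint8_t text_width_u8(const uint8_t *cr)
{
    return (uint8_t)(cr[H_DISP_IDX] + 1);
}

/* Cursor cell -> (x, y), guarding the divisor rather than the dividend.
 * cursor_offset == 0 (top-left cell) is valid and must pass.
 * Returns 1 and fills *x/*y on success, 0 if the inputs are unusable. */
static int text_cursor_xy(int width, int cursor_offset, int size, int *x, int *y)
{
    if (width <= 0) {
        return 0;                     /* the case Coverity flagged */
    }
    if (cursor_offset < 0 || cursor_offset >= size) {
        return 0;                     /* cursor outside the text buffer */
    }
    *x = cursor_offset % width;       /* assumed TEXTMODE_X */
    *y = cursor_offset / width;       /* TEXTMODE_Y per the Coverity report */
    return 1;
}

int main(void)
{
    /* Constructed register contents: H_DISP programmed to 0xff. */
    uint8_t cr[4] = { 0, 0xff, 0, 0 };
    int x, y;

    (void)text_width_int(cr);         /* 256 */
    (void)text_width_u8(cr);          /* 0: wrapped */
    (void)text_cursor_xy(80, 0, 80 * 25, &x, &y);   /* ok, top-left */
    (void)text_cursor_xy(0, 0, 80 * 25, &x, &y);    /* rejected */
    return 0;
}
```

The point for the patch under discussion: with `width` held in an `int`, the promoted sum cannot be zero, so a guard on `cursor_offset` changes nothing for the divisor; only narrowing `width` to 8 bits (or some other path that writes it) could produce the zero Coverity is worried about, and the guard belongs on `width` in that case.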