From: | Paolo Bonzini |
Subject: | Re: [Qemu-devel] [PATCH v3 4/4] vga: Fix divide-by-zero in vga_update_text |
Date: | Thu, 12 Jun 2014 13:07:28 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 |
On 12/06/2014 12:43, Gerd Hoffmann wrote:
> That doesn't fix the reported issue. It's "width" which Coverity thinks
> might be zero, not cursor_offset. And cursor_offset being zero is
> perfectly fine, happens when the cursor is in the upper left corner.
>
> I have no idea why Coverity thinks width can be zero there. Line 2047:
>
>     width = (s->cr[VGA_CRTC_H_DISP] + 1);
>
> (where cr is uint8_t). Hmm, maybe for the wraparound case
> (i.e. s->cr[VGA_CRTC_H_DISP] == 0xff)?
Not even that, the result is 0x100, math is done on the "int" data type.

In fact I don't even see this defect on scan.coverity.com.

Paolo
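
The integer-promotion point in this message, as an added example (not part of the original mail and not QEMU code): it evaluates the quoted `+ 1` expression for every value an 8-bit register can hold and counts how often the result is zero. The function names and the `uint8_t`-typed variant used for comparison are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the expression quoted in the thread:
 *   width = (s->cr[VGA_CRTC_H_DISP] + 1);
 * The uint8_t operand is promoted to int before the addition,
 * so the result range is 1..0x100. */
static int width_as_int(uint8_t h_disp)
{
    return h_disp + 1;
}

/* Hypothetical variant for comparison: the same sum stored back
 * into a uint8_t, which truncates 0x100 to 0. */
static uint8_t width_as_u8(uint8_t h_disp)
{
    return (uint8_t)(h_disp + 1);
}

/* Number of register values in 0x00..0xff that give a zero int width. */
static int count_zero_int(void)
{
    int zeros = 0;
    for (int v = 0; v <= 0xff; v++)
        if (width_as_int((uint8_t)v) == 0)
            zeros++;
    return zeros;
}

/* Same count for the truncating uint8_t variant. */
static int count_zero_u8(void)
{
    int zeros = 0;
    for (int v = 0; v <= 0xff; v++)
        if (width_as_u8((uint8_t)v) == 0)
            zeros++;
    return zeros;
}

int main(void)
{
    printf("int width:     0xff -> 0x%x, zero results: %d\n",
           width_as_int(0xff), count_zero_int());
    printf("uint8_t width: 0xff -> 0x%x, zero results: %d\n",
           width_as_u8(0xff), count_zero_u8());
    return 0;
}
```

A divide-by-zero on `width` would only be reachable if the destination type were 8 bits wide, which is the distinction to check when triaging a report like this one.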