| Message ID | 20220721115207.729615-2-peter.maydell@linaro.org |
|---|---|
| State | Accepted |
| Headers | show |
| Series | migration: fix coverity nits | expand |
* Peter Maydell (peter.maydell@linaro.org) wrote: > Coverity complains that when we use the return value from > migrate_multifd_compression() as an array index: > multifd_recv_state->ops = multifd_ops[migrate_multifd_compression()]; > > that this might overrun the array (which is declared to have size > MULTIFD_COMPRESSION__MAX). This is because the function return type > is MultiFDCompression, which is an autogenerated enum. The code > generator includes the "one greater than the maximum possible value" > MULTIFD_COMPRESSION__MAX in the enum, even though this is not > actually a valid value for the enum, and this makes Coverity think > that migrate_multifd_compression() could return that __MAX value and > index off the end of the array. > > Suppress the Coverity error by asserting that the value we're going > to return is within range. > > Resolves: Coverity CID 1487239, 1487254 > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> > --- > migration/migration.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/migration/migration.c b/migration/migration.c > index e03f698a3ca..befd4c58a69 100644 > --- a/migration/migration.c > +++ b/migration/migration.c > @@ -2617,6 +2617,7 @@ MultiFDCompression migrate_multifd_compression(void) > > s = migrate_get_current(); > > + assert(s->parameters.multifd_compression < MULTIFD_COMPRESSION__MAX); > return s->parameters.multifd_compression; > } > > -- > 2.25.1 >
Peter Maydell <peter.maydell@linaro.org> wrote: > Coverity complains that when we use the return value from > migrate_multifd_compression() as an array index: > multifd_recv_state->ops = multifd_ops[migrate_multifd_compression()]; > > that this might overrun the array (which is declared to have size > MULTIFD_COMPRESSION__MAX). This is because the function return type > is MultiFDCompression, which is an autogenerated enum. The code > generator includes the "one greater than the maximum possible value" > MULTIFD_COMPRESSION__MAX in the enum, even though this is not > actually a valid value for the enum, and this makes Coverity think > that migrate_multifd_compression() could return that __MAX value and > index off the end of the array. > > Suppress the Coverity error by asserting that the value we're going > to return is within range. > > Resolves: Coverity CID 1487239, 1487254 > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Juan Quintela <quintela@redhat.com>
diff --git a/migration/migration.c b/migration/migration.c index e03f698a3ca..befd4c58a69 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -2617,6 +2617,7 @@ MultiFDCompression migrate_multifd_compression(void) s = migrate_get_current(); + assert(s->parameters.multifd_compression < MULTIFD_COMPRESSION__MAX); return s->parameters.multifd_compression; }
Coverity complains that when we use the return value from migrate_multifd_compression() as an array index: multifd_recv_state->ops = multifd_ops[migrate_multifd_compression()]; that this might overrun the array (which is declared to have size MULTIFD_COMPRESSION__MAX). This is because the function return type is MultiFDCompression, which is an autogenerated enum. The code generator includes the "one greater than the maximum possible value" MULTIFD_COMPRESSION__MAX in the enum, even though this is not actually a valid value for the enum, and this makes Coverity think that migrate_multifd_compression() could return that __MAX value and index off the end of the array. Suppress the Coverity error by asserting that the value we're going to return is within range. Resolves: Coverity CID 1487239, 1487254 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- migration/migration.c | 1 + 1 file changed, 1 insertion(+)