author | Nicholas Piggin <npiggin@gmail.com> | 2025-03-17 13:49:36 +1000 |
---|---|---|
committer | Nicholas Piggin <npiggin@gmail.com> | 2025-03-20 19:57:44 +1000 |
commit | 965797d19a0d0b5dbe73f1afa110576589d25003 (patch) | |
tree | 6e822e8ceebcf18ef4d633d753335c14737e7c3a | |
parent | e0b9357337e4005d7915d8c746eb3ce66c61fac0 (diff) | |
ppc/spapr: Fix possible pa_features memory overflow
Coverity reports a possible memory overflow in spapr_dt_pa_features().
This should not be a true bug since DAWR1 cap is only true for
CPU_POWERPC_LOGICAL_3_10. Add an assertion to ensure any bug there is
caught.
Resolves: Coverity CID 1593722
Fixes: 5f361ea187ba ("ppc: spapr: Enable 2nd DAWR on Power10 pSeries machine")
Reviewed-By: Shivaprasad G Bhat <sbhat@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
-rw-r--r-- | hw/ppc/spapr.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index a415e51..9865d71 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -296,6 +296,7 @@ static void spapr_dt_pa_features(SpaprMachineState *spapr, pa_features[40 + 2] &= ~0x80; /* Radix MMU */ } if (spapr_get_cap(spapr, SPAPR_CAP_DAWR1)) { + g_assert(pa_size > 66); pa_features[66] |= 0x80; } |
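Review bot: The bound in the added `g_assert(pa_size > 66);` repeats the literal 66 from `pa_features[66] |= 0x80;` on the next line, so a later change to one can silently miss the other. Consider a named constant for the DAWR1 byte offset used in both places, or at least a comment on the assert stating that only the CPU_POWERPC_LOGICAL_3_10 table is expected to be that long, as the commit message explains. The DAWR1 write also lacks a comment like the `/* Radix MMU */` one on the context line above it, and that Radix write at `pa_features[40 + 2]` gets no equivalent size check in this hunk; if it is guarded elsewhere in the function, a short note saying so would help the next reader of a Coverity report.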