diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2022-05-25 08:59:04 -0400 |
|---|---|---|
| committer | Stefan Berger <stefanb@linux.ibm.com> | 2022-06-01 16:49:35 -0400 |
| commit | 4d84bb6c8b42cc781a02e1ac6648875966abc877 (patch) | |
| tree | 44acb09ab755040e35a4f6ba42ad1a6512a84cdc /hw/tpm/tpm_spapr.c | |
| parent | 7077fcb9b68f058809c9dd9fd1dacae1881e886c (diff) | |
| download | qemu-4d84bb6c8b42cc781a02e1ac6648875966abc877.zip qemu-4d84bb6c8b42cc781a02e1ac6648875966abc877.tar.gz qemu-4d84bb6c8b42cc781a02e1ac6648875966abc877.tar.bz2 | |
hw/tpm/tpm_tis_common.c: Assert that locty is in range
In tpm_tis_mmio_read(), tpm_tis_mmio_write() and
tpm_tis_dump_state(), we calculate a locality index with
tpm_tis_locality_from_addr() and then use it as an index into the
s->loc[] array. In all these cases, the array index can't overflow
because the MemoryRegion is sized to be TPM_TIS_NUM_LOCALITIES <<
TPM_TIS_LOCALITY_SHIFT bytes. However, Coverity can't see that, and
it complains (CID 1487138, 1487180, 1487188, 1487198, 1487240).
Add an assertion to tpm_tis_locality_from_addr() that the calculated
locality index is valid, which will help Coverity and also catch any
potential future bug where the MemoryRegion isn't sized exactly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20220525125904.483075-1-stefanb@linux.ibm.com
Diffstat (limited to 'hw/tpm/tpm_spapr.c')
0 files changed, 0 insertions, 0 deletions