From 7baa9c39fc3d525216f0cedcfda5374c26d50e80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 11 Aug 2025 11:31:08 +0200 Subject: hw/scsi/mptsas: Avoid silent integer truncation in MPI_FUNC_IOC_INIT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For the MaxDevices 8-bit field of the request / response structures of the MPI_FUNCTION_IOC_INIT command, the 0x00 value means "max 256 devices". This is not a problem because when max_devices=256, its value (0x100), being casted to a uint8_t, is truncated to 0x00. However Coverity complains for an "Overflowed constant". Fix by re-using the request fields in the response, since they are not modified and use the same types. Fix: Coverity 1547736 (Overflowed constant) Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Peter Maydell Message-Id: <20250811095550.93655-1-philmd@linaro.org> --- hw/scsi/mptsas.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c index 1ebe0b8..4ada35b 100644 --- a/hw/scsi/mptsas.c +++ b/hw/scsi/mptsas.c @@ -579,11 +579,11 @@ static void mptsas_process_ioc_init(MPTSASState *s, MPIMsgIOCInit *req) } memset(&reply, 0, sizeof(reply)); - reply.WhoInit = s->who_init; + reply.WhoInit = req->WhoInit; reply.MsgLength = sizeof(reply) / 4; reply.Function = req->Function; - reply.MaxDevices = s->max_devices; - reply.MaxBuses = s->max_buses; + reply.MaxDevices = req->MaxDevices; + reply.MaxBuses = req->MaxBuses; reply.MsgContext = req->MsgContext; mptsas_fix_ioc_init_reply_endianness(&reply); -- cgit v1.1