
[Xen-changelog] [xen master] hvmloader: use bound checking in get_module_entry



commit 94d3b9990bf73459919fb5b234d088d1ac41c9da
Author:     Wei Liu <wei.liu2@xxxxxxxxxx>
AuthorDate: Mon Aug 22 13:47:53 2016 +0100
Commit:     Wei Liu <wei.liu2@xxxxxxxxxx>
CommitDate: Mon Aug 22 14:20:19 2016 +0100

    hvmloader: use bound checking in get_module_entry
    
    Coverity complains:
    
    overflow_before_widen: Potentially overflowing expression
    info->nr_modules * 32U with type unsigned int (32 bits, unsigned) is
    evaluated using 32-bit arithmetic, and then used in a context that
    expects an expression of type uint64_t (64 bits, unsigned).
    
    The overflow is unlikely to happen in reality because we only expect a
    few modules.
    
    Fix that by converting the check to use bound checking to placate
    Coverity.
    
    Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
    Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 tools/firmware/hvmloader/hvmloader.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/firmware/hvmloader/hvmloader.c 
b/tools/firmware/hvmloader/hvmloader.c
index 7b32d86..bbd4e34 100644
--- a/tools/firmware/hvmloader/hvmloader.c
+++ b/tools/firmware/hvmloader/hvmloader.c
@@ -272,8 +272,8 @@ const struct hvm_modlist_entry *get_module_entry(
 
     if ( !modlist ||
          info->modlist_paddr > UINTPTR_MAX ||
-         (info->modlist_paddr + info->nr_modules * sizeof(*modlist) - 1)
-            > UINTPTR_MAX )
+         (UINTPTR_MAX - (uintptr_t)info->modlist_paddr) / sizeof(*modlist)
+         < info->nr_modules )
         return NULL;
 
     for ( i = 0; i < info->nr_modules; i++ )
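Review bot: The cast `(uintptr_t)info->modlist_paddr` in the new condition is lossless only because the `info->modlist_paddr > UINTPTR_MAX` test precedes it in the same `||` chain and short-circuits first. A one-line comment stating that ordering dependency would stop a later reordering of the clauses from silently truncating the address before the subtraction. Note also that the division form is one byte stricter than the `- 1` expression it replaces: the old check accepted a list whose last byte sits exactly at UINTPTR_MAX, while the new one requires `nr_modules * sizeof(*modlist)` to fit in `UINTPTR_MAX - modlist_paddr` and so rejects that case. This is harmless for a module list, but the commit message should say so rather than leave the boundary change implicit.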
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 

