QEMU-Devel Archive on lore.kernel.org
 help / color / Atom feed
* acpi_pcihp_eject_slot() bug if passed 'slots == 0'
@ 2020-03-26 11:52 Peter Maydell
  2020-03-26 12:29 ` Igor Mammedov
  2020-03-26 13:23 ` Igor Mammedov
  0 siblings, 2 replies; 8+ messages in thread
From: Peter Maydell @ 2020-03-26 11:52 UTC (permalink / raw)
  To: QEMU Developers; +Cc: Igor Mammedov, Michael S. Tsirkin

Hi; Coverity spots that if hw/acpi/pcihp.c:acpi_pcihp_eject_slot()
is passed a zero 'slots' argument then ctz32(slots) will return 32,
and then the code that does '1U << slot' is C undefined behaviour
because it's an oversized shift. (This is CID 1421896.)

Since the pci_write() function in this file can call
acpi_pcihp_eject_slot() with an arbitrary value from the guest,
I think we need to handle 'slots == 0' safely. But what should
the behaviour be?

thanks
-- PMM


^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, back to index

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-26 11:52 acpi_pcihp_eject_slot() bug if passed 'slots == 0' Peter Maydell
2020-03-26 12:29 ` Igor Mammedov
2020-03-26 12:50   ` Igor Mammedov
2020-03-26 13:29     ` Michael S. Tsirkin
2020-03-26 13:23 ` Igor Mammedov
2020-03-26 13:28   ` Michael S. Tsirkin
2020-03-26 13:31     ` Michael S. Tsirkin
2020-03-26 13:40       ` Igor Mammedov

QEMU-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/qemu-devel/0 qemu-devel/git/0.git
	git clone --mirror https://lore.kernel.org/qemu-devel/1 qemu-devel/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 qemu-devel qemu-devel/ https://lore.kernel.org/qemu-devel \
		qemu-devel@nongnu.org
	public-inbox-index qemu-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.nongnu.qemu-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git