diff options
author | Peter Maydell <peter.maydell@linaro.org> | 2022-07-21 12:52:06 +0100 |
---|---|---|
committer | Dr. David Alan Gilbert <dgilbert@redhat.com> | 2022-08-02 16:46:52 +0100 |
commit | ead34f64f97d11626774a57863ca285a7ddc0d18 (patch) | |
tree | 1436c6f5c9208fb4d2f2c2339bbf76ad71dd289c /migration | |
parent | 777f53c75983dd10756f5dbfc8af50fe11da81c1 (diff) |
migration: Assert that migrate_multifd_compression() returns an in-range value
Coverity complains that when we use the return value from
migrate_multifd_compression() as an array index:
multifd_recv_state->ops = multifd_ops[migrate_multifd_compression()];
that this might overrun the array (which is declared to have size
MULTIFD_COMPRESSION__MAX). This is because the function return type
is MultiFDCompression, which is an autogenerated enum. The code
generator includes the "one greater than the maximum possible value"
MULTIFD_COMPRESSION__MAX in the enum, even though this is not
actually a valid value for the enum, and this makes Coverity think
that migrate_multifd_compression() could return that __MAX value and
index off the end of the array.
Suppress the Coverity error by asserting that the value we're going
to return is within range.
Resolves: Coverity CID 1487239, 1487254
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220721115207.729615-2-peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Diffstat (limited to 'migration')
-rw-r--r-- | migration/migration.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/migration/migration.c b/migration/migration.c index 82fbe0cf55..bb8bbddfe4 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -2617,6 +2617,7 @@ MultiFDCompression migrate_multifd_compression(void) s = migrate_get_current(); + assert(s->parameters.multifd_compression < MULTIFD_COMPRESSION__MAX); return s->parameters.multifd_compression; } |