target/xtensa: Assert that interrupt level is within bounds

In handle_interrupt() we use level as an index into the interrupt_vector[] array. This is safe because we have checked it against env->config->nlevel, but Coverity can't see that (and it is only true because each CPU config sets its XCHAL_NUM_INTLEVELS to something less than MAX_NLEVELS), so it complains about a possible array overrun (CID 1507131) Add an assert() which will make Coverity happy and catch the unlikely case of a mis-set XCHAL_NUM_INTLEVELS in future. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Max Filippov <jcmvbkbc@gmail.com> Message-id: 20230623154135.1930261-1-peter.maydell@linaro.org
author: Peter Maydell <peter.maydell@linaro.org> 2023-06-23 16:41:35 +0100
committer: Peter Maydell <peter.maydell@linaro.org> 2023-07-06 13:26:43 +0100
commit: ad18376b90c8101b8eed2fd571bdbb94636ccc2e (patch)
tree: 0a99782705624114bb6e404292d717c5c2ad4aea /target/xtensa
parent: 9057e5f7c9550d1ea419ce838ae6d0df96fb062e (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/target/xtensa/exc_helper.c b/target/xtensa/exc_helper.c
index d4823a65cd..43f6a862de 100644
--- a/target/xtensa/exc_helper.c
+++ b/target/xtensa/exc_helper.c
@@ -169,6 +169,9 @@ static void handle_interrupt(CPUXtensaState *env)
         CPUState *cs = env_cpu(env);
 
         if (level > 1) {
+            /* env->config->nlevel check should have ensured this */
+            assert(level < sizeof(env->config->interrupt_vector));
+
             env->sregs[EPC1 + level - 1] = env->pc;
             env->sregs[EPS2 + level - 2] = env->sregs[PS];
             env->sregs[PS] =
author	Peter Maydell <peter.maydell@linaro.org>	2023-06-23 16:41:35 +0100
committer	Peter Maydell <peter.maydell@linaro.org>	2023-07-06 13:26:43 +0100
commit	ad18376b90c8101b8eed2fd571bdbb94636ccc2e (patch)
tree	0a99782705624114bb6e404292d717c5c2ad4aea /target/xtensa
parent	9057e5f7c9550d1ea419ce838ae6d0df96fb062e (diff)