summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLidong Chen2019-06-19 21:14:46 +0200
committerPaolo Bonzini2019-06-21 13:25:29 +0200
commit1c598ab2b88571d8c75cfebbef09d4c1c675132c (patch)
tree64d188644c15ca28144d125b6effc9faed6eaaa9
parenttarget/i386: kvm: Add nested migration blocker only when kernel lacks require... (diff)
downloadqemu-1c598ab2b88571d8c75cfebbef09d4c1c675132c.tar.gz
qemu-1c598ab2b88571d8c75cfebbef09d4c1c675132c.tar.xz
qemu-1c598ab2b88571d8c75cfebbef09d4c1c675132c.zip
sd: Fix out-of-bounds assertions
Due to an off-by-one error, the assert statements allow an out-of-bound array access. This doesn't happen in practice, but the static analyzer notices. Signed-off-by: Lidong Chen <lidong.chen@oracle.com> Reviewed-by: Liam Merwick <liam.merwick@oracle.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <6b19cb7359a10a6bedc3ea0fce22fed3ef93c102.1560806687.git.lidong.chen@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-rw-r--r--hw/sd/sd.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index 60500ec8fe..917195a65b 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -145,7 +145,7 @@ static const char *sd_state_name(enum SDCardStates state)
if (state == sd_inactive_state) {
return "inactive";
}
- assert(state <= ARRAY_SIZE(state_name));
+ assert(state < ARRAY_SIZE(state_name));
return state_name[state];
}
@@ -166,7 +166,7 @@ static const char *sd_response_name(sd_rsp_type_t rsp)
if (rsp == sd_r1b) {
rsp = sd_r1;
}
- assert(rsp <= ARRAY_SIZE(response_name));
+ assert(rsp < ARRAY_SIZE(response_name));
return response_name[rsp];
}