On 7/22/24 12:35, Mostafa Saleh wrote:
> Coverity has spotted a possible problem with the OAS handling
> (CID 1558464), where the error return of oas2bits() -1 is not
> checked, which can cause an overflow in oas value.
>
> oas2bits() is only called with valid inputs, harden the function
> to assert that.
>
> Reported-By: Peter Maydell <peter.mayd...@linaro.org>
> Link:
> https://lore.kernel.org/qemu-devel/CAFEAcA-H=n-3mhc+el6yjfl1m+x+b+fk3mkgzbn74wnxiff...@mail.gmail.com/
> Signed-off-by: Mostafa Saleh <smost...@google.com>
Reviewed-by: Eric Auger <eric.au...@redhat.com>
Eric
> ---
> hw/arm/smmuv3-internal.h | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
> index 0ebf2eebcf..b6b7399347 100644
> --- a/hw/arm/smmuv3-internal.h
> +++ b/hw/arm/smmuv3-internal.h
> @@ -599,7 +599,8 @@ static inline int oas2bits(int oas_field)
> case 5:
> return 48;
> }
> - return -1;
> +
> + g_assert_not_reached();
> }
>
> /* CD fields */