On 6/5/19 8:21 AM, Lidong Chen wrote: > Due to an off-by-one error, the assert statements allow an > out-of-bound array access.
Not sure via which tree this patch is going (trivial?). To the maintainer, please consider adding when applying: "This access can not happen. Fix to silent static analyzer warnings." As confirmed by Lidong in v1 here: https://lists.gnu.org/archive/html/qemu-devel/2019-04/msg01337.html Thanks, Phil. > Signed-off-by: Lidong Chen <lidong.c...@oracle.com> > Reviewed-by: Liam Merwick <liam.merw...@oracle.com> > Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com> > Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com> > Reviewed-by: Li Qiang <liq...@gmail.com> > Reviewed-by: Darren Kenny <darren.ke...@oracle.com> > --- > hw/sd/sd.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/hw/sd/sd.c b/hw/sd/sd.c > index aaab15f..818f86c 100644 > --- a/hw/sd/sd.c > +++ b/hw/sd/sd.c > @@ -144,7 +144,7 @@ static const char *sd_state_name(enum SDCardStates state) > if (state == sd_inactive_state) { > return "inactive"; > } > - assert(state <= ARRAY_SIZE(state_name)); > + assert(state < ARRAY_SIZE(state_name)); > return state_name[state]; > } > > @@ -165,7 +165,7 @@ static const char *sd_response_name(sd_rsp_type_t rsp) > if (rsp == sd_r1b) { > rsp = sd_r1; > } > - assert(rsp <= ARRAY_SIZE(response_name)); > + assert(rsp < ARRAY_SIZE(response_name)); > return response_name[rsp]; > } > >
