On 3/31/22 12:06, Peter Maydell wrote:
> PS: while you're there, there are also a bunch of new TCG related
> issues where it alleges array indexes being out of bounds. I
> suspect these are false positives, but it's probably faster
> for you to analyse them. (I have a feeling Coverity can get
> confused and claim an error because it's looking at an array
> size it has cached from one target's NB_MMU_MODES value and
> a code flow for a different target with a different NB_MMU_MODES.)

Given the placement of one of the notes,

1760 static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
1761                                MemOpIdx oi, int size, int prot,
1762                                uintptr_t retaddr)
1763 {
        1. assignment: Assigning: mmu_idx = get_mmuidx(oi).
           The value of mmu_idx may now be up to 15.
1764     size_t mmu_idx = get_mmuidx(oi);

the range check is based only on the mask applied within get_mmuidx.
I'll try adding an assert vs NB_MMU_MODES within that function.


r~
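
The gap discussed in this message, as an added sketch that is not code from the thread or from QEMU: a 4-bit mask bounds the index only to 0..15, while the array it indexes has NB_MMU_MODES entries, so an assert inside the accessor states the tighter bound. The NB_MMU_MODES value of 4, the `_masked`/`_checked` function names and the `per_mode` table are assumptions made for illustration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed value for illustration; the real constant differs per target. */
#define NB_MMU_MODES 4

typedef uint32_t MemOpIdx;

/* Pack an operation code and an MMU index; the low 4 bits carry the index. */
static MemOpIdx make_memop_idx(unsigned op, unsigned idx)
{
    return (op << 4) | idx;
}

/* Mask-only extraction: the only provable range of the result is 0..15. */
static unsigned get_mmuidx_masked(MemOpIdx oi)
{
    return oi & 15;
}

/* Same extraction with the array bound stated, so callers (and an
 * analyzer that honours assert) see 0..NB_MMU_MODES-1 instead. */
static unsigned get_mmuidx_checked(MemOpIdx oi)
{
    unsigned idx = oi & 15;
    assert(idx < NB_MMU_MODES);
    return idx;
}

/* Hypothetical per-mode table indexed the way atomic_mmu_lookup indexes. */
static int per_mode[NB_MMU_MODES];

static int *mode_slot(MemOpIdx oi)
{
    size_t mmu_idx = get_mmuidx_checked(oi);
    return &per_mode[mmu_idx];
}

int main(void)
{
    MemOpIdx oi = make_memop_idx(7, 3);   /* constructed sample value */
    printf("masked=%u slot=%td\n", get_mmuidx_masked(oi),
           mode_slot(oi) - per_mode);
    return 0;
}
```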