Re: Coverity CID 714665: vfio_ext_cap_len() use of uninitialized variable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2014-04-03 at 10:48 -0600, Bjorn Helgaas wrote:
> On Thu, Apr 3, 2014 at 9:53 AM, Bjorn Helgaas <bhelgaas@xxxxxxxxxx> wrote:
> > Coverity complains that "byte" is used uninitialized in
> > drivers/vfio/pci/vfio_pci_config.c in vfio_ext_cap_len():
> >
> > 1139                        sts = byte & PCI_TPH_CAP_ST_MASK;
> > 1140                        sts >>= PCI_TPH_CAP_ST_SHIFT;
> > 1141                        return PCI_TPH_BASE_SIZEOF + round_up(sts * 2, 4);
> >
> > This is CID 714665.
> 
> I think "dword" was probably intended instead of "byte".  Changing
> that would also fix CID 715156:
> 
> 1136                if ((dword & PCI_TPH_CAP_LOC_MASK) == PCI_TPH_LOC_CAP) {
> 1137                        int sts;
> 1138
>     CID 714665: Uninitialized scalar variable (UNINIT) [select issue]
> 
> CID 715156 (#1 of 1): Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
> result_independent_of_operands: byte & 0x7ff0000 is always 0
> regardless of the values of its operands. This occurs as the operand
> of assignment.
> 1139                        sts = byte & PCI_TPH_CAP_ST_MASK;

Yes, using byte looks like a cut-n-paste error, it should have been
dword.  The size calculation also looks wrong since the field is an N-1
value but we don't seem to be incrementing it.  I'll post a patch that
fixes both.  Thanks,

Alex

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux