From: Wei Liu Date: Mon, 22 Aug 2016 12:47:53 +0000 (+0100) Subject: hvmloader: use bound checking in get_module_entry X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~522 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https://%22%22/%22http:/www.example.com/cgi/%22https:/%22%22?a=commitdiff_plain;h=94d3b9990bf73459919fb5b234d088d1ac41c9da;p=xen.git hvmloader: use bound checking in get_module_entry Coverity complains: overflow_before_widen: Potentially overflowing expression info->nr_modules * 32U with type unsigned int (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type uint64_t (64 bits, unsigned). The overflow is unlikely to happen in reality because we only expect a few modules. Fix that by converting the check to use bound checking to placate Coverity. Signed-off-by: Wei Liu Acked-by: Jan Beulich --- diff --git a/tools/firmware/hvmloader/hvmloader.c b/tools/firmware/hvmloader/hvmloader.c index 7b32d86d39..bbd4e3454a 100644 --- a/tools/firmware/hvmloader/hvmloader.c +++ b/tools/firmware/hvmloader/hvmloader.c @@ -272,8 +272,8 @@ const struct hvm_modlist_entry *get_module_entry( if ( !modlist || info->modlist_paddr > UINTPTR_MAX || - (info->modlist_paddr + info->nr_modules * sizeof(*modlist) - 1) - > UINTPTR_MAX ) + (UINTPTR_MAX - (uintptr_t)info->modlist_paddr) / sizeof(*modlist) + < info->nr_modules ) return NULL; for ( i = 0; i < info->nr_modules; i++ )