git.ipfire.org Git - thirdparty/qemu.git/commit

author	Peter Maydell <peter.maydell@linaro.org>
	Thu, 10 Jul 2025 16:15:52 +0000 (17:15 +0100)
committer	Thomas Huth <thuth@redhat.com>
	Fri, 11 Jul 2025 07:42:47 +0000 (09:42 +0200)
commit	3ffa21d293bf5e4f997ba117ee3e943344b71044
tree	240051d2497571e50376fe3d1c316a3326869b5c	tree
parent	79d7e60c326bcb9d165e5d52a29b238937bedd8d	commit \| diff

hw/s390x/s390-pci-bus.c: Use g_assert_not_reached() in functions taking an ett

The s390-pci-bus.c code, Coverity complains about a possible overflow
because get_table_index() can return -1 if the ett value passed in is
not one of the three permitted ZPCI_ETT_PT, ZPCI_ETT_ST, ZPCI_ETT_RT,
but the caller in table_translate() doesn't check this and instead
uses the return value directly in a calculation of the guest address
to read from.

In fact this case cannot happen, because:
* get_table_index() is called only from table_translate()
* the only caller of table_translate() loops through the ett values
in the order RT, ST, PT until table_translate() returns 0
* table_translate() will return 0 for the error cases and when
translate_iscomplete() returns true
* translate_iscomplete() is always true for ZPCI_ETT_PT

So table_translate() is always called with a valid ett value.

Instead of having the various functions called from table_translate()
return a default or dummy value when the ett argument is out of range,
use g_assert_not_reached() to indicate that this is impossible.

Coverity: CID 1547609
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Message-ID: <20250710161552.1287399-1-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>