From: Peter Maydell <peter.maydell@linaro.org>
Date: Wed, 25 May 2022 12:59:04 +0000 (-0400)
Subject: hw/tpm/tpm_tis_common.c: Assert that locty is in range
X-Git-Tag: v7.1.0-rc0~74^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4d84bb6c8b42cc781a02e1ac6648875966abc877;p=thirdparty%2Fqemu.git

hw/tpm/tpm_tis_common.c: Assert that locty is in range

In tpm_tis_mmio_read(), tpm_tis_mmio_write() and
tpm_tis_dump_state(), we calculate a locality index with
tpm_tis_locality_from_addr() and then use it as an index into the
s->loc[] array.  In all these cases, the array index can't overflow
because the MemoryRegion is sized to be TPM_TIS_NUM_LOCALITIES <<
TPM_TIS_LOCALITY_SHIFT bytes.  However, Coverity can't see that, and
it complains (CID 1487138, 1487180, 1487188, 1487198, 1487240).

Add an assertion to tpm_tis_locality_from_addr() that the calculated
locality index is valid, which will help Coverity and also catch any
potential future bug where the MemoryRegion isn't sized exactly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20220525125904.483075-1-stefanb@linux.ibm.com
---

diff --git a/hw/tpm/tpm_tis_common.c b/hw/tpm/tpm_tis_common.c
index e700d821816..503be2a541d 100644
--- a/hw/tpm/tpm_tis_common.c
+++ b/hw/tpm/tpm_tis_common.c
@@ -50,7 +50,12 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
 
 static uint8_t tpm_tis_locality_from_addr(hwaddr addr)
 {
-    return (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7);
+    uint8_t locty;
+
+    locty = (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7);
+    assert(TPM_TIS_IS_VALID_LOCTY(locty));
+
+    return locty;
 }