From: Peter Maydell <[email protected]> The bh_utf8_decode() UTF8 decoder takes its next byte as a "uint32_t byte" parameter, but it assumes it to be in bounds as it immediately indexes into its array with it.
Use "uint8_t" as the argument type instead. This moves us away from the upstream implementation slightly, but it is the same type as we use in the one callsite, and it makes it clear that we can't be indexing off the end of the array with this guest-derived data. This probably helps make Coverity a bit happier (CID 1659590). Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Marc-André Lureau <[email protected]> Message-ID: <[email protected]> --- ui/vt100.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/vt100.c b/ui/vt100.c index 7e373766bc1..f8140cfa85c 100644 --- a/ui/vt100.c +++ b/ui/vt100.c @@ -438,7 +438,7 @@ static void vt100_clear_xy(QemuVT100 *vt, int x, int y) #define BH_UTF8_ACCEPT 0 #define BH_UTF8_REJECT 12 -static uint32_t bh_utf8_decode(uint32_t *state, uint32_t *codep, uint32_t byte) +static uint32_t bh_utf8_decode(uint32_t *state, uint32_t *codep, uint8_t byte) { static const uint8_t utf8d[] = { /* character class lookup */ -- 2.54.0
