> -----Original Message-----
> From: Gerd Hoffmann [mailto:kra...@redhat.com]
> Sent: Thursday, June 12, 2014 6:44 PM
> To: Gonglei (Arei)
> Cc: qemu-devel@nongnu.org; pbonz...@redhat.com; lcapitul...@redhat.com;
> av1...@comtv.ru; stefa...@redhat.com; Luonengjun; Huangweidong (C)
> Subject: Re: [PATCH v3 4/4] vga: Fix divide-by-zero in vga_update_text
>
> Hi,
>
> > 2097 if (cursor_visible && cursor_offset < size && cursor_offset >= 0)
> > (23) Event divide_by_zero: In expression "cursor_offset / width",
> > division by expression "width" which may be zero has undefined behavior.
> >
> > - if (cursor_visible && cursor_offset < size && cursor_offset >= 0)
> > + if (cursor_visible && cursor_offset < size && cursor_offset > 0)
> > dpy_text_cursor(s->con,
> > TEXTMODE_X(cursor_offset),
> > TEXTMODE_Y(cursor_offset));
>
> That doesn't fix the reported issue. It's "width" which Coverity thinks
> might be zero, not cursor_offset. And cursor_offset being zero is
> perfectly fine, happens when the cursor is in the upper left corner.
>
Yep, I'm sorry for this fault.
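Review bot: the guard change in the quoted hunk never touches the divisor. Coverity's report is about `width` in `cursor_offset / width`; tightening `cursor_offset >= 0` to `cursor_offset > 0` only drops the legitimate cursor position 0 (upper-left corner) and leaves a zero `width` just as unguarded as before. If a zero `width` really has to be ruled out, the check belongs on `width` itself, for example an early return when `width == 0` before `dpy_text_cursor()` is reached. Since `s->cr[VGA_CRTC_H_DISP] + 1` is evaluated in `int` (the `uint8_t` operand is promoted), that expression alone can only yield 0 if `width` is stored in a type narrower than `int`, which is the 0xff wraparound case raised later in the thread; that is what should be confirmed before any guard is added.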
> I have no idea why Coverity thinks width can be zero there. Line 2047:
>
> width = (s->cr[VGA_CRTC_H_DISP] + 1);
>
> (where cr is uint8_t). Hmm, maybe for the wraparound case (i.e.
> s->cr[VGA_CRTC_H_DISP] == 0xff)?
>
> cheers,
> Gerd

Best regards,
-Gonglei
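The integer-promotion point behind Gerd's wraparound question, as an added example that is not QEMU code and not part of this thread: it models `width = (s->cr[VGA_CRTC_H_DISP] + 1)` with a `uint8_t` register value, shows when that can and cannot become zero, and places the guard on the divisor instead of on `cursor_offset`. The `%`/`/` bodies for `TEXTMODE_X`/`TEXTMODE_Y` and the `text_cursor_pos()` helper are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Width as the quoted line computes it: the uint8_t operand is promoted
 * to int, so the result is 1..256 and can never be zero. */
static int text_width(uint8_t h_disp)
{
    return h_disp + 1;
}

/* Same expression stored into a narrow type: 0xff + 1 = 256 is truncated
 * to 0. This is the "wraparound case" Gerd suspects Coverity is modelling;
 * it only happens if width is declared narrower than int. */
static uint8_t text_width_narrow(uint8_t h_disp)
{
    uint8_t width = h_disp + 1;
    return width;
}

/* Cursor position from a linear text-mode offset (assumed helper).
 * The guard sits on the divisor, width; cursor_offset 0 stays valid
 * because it is the upper-left corner. Returns false when the cursor
 * must not be drawn. */
static bool text_cursor_pos(int width, int size, bool cursor_visible,
                            int cursor_offset, int *x, int *y)
{
    if (width <= 0) {            /* protects the division below */
        return false;
    }
    if (!cursor_visible || cursor_offset < 0 || cursor_offset >= size) {
        return false;
    }
    *x = cursor_offset % width;  /* stands in for TEXTMODE_X(cursor_offset) */
    *y = cursor_offset / width;  /* stands in for TEXTMODE_Y(cursor_offset) */
    return true;
}

int main(void)
{
    int x, y;
    printf("width for 0xff: promoted %d, narrow %u\n",
           text_width(0xff), text_width_narrow(0xff));
    if (text_cursor_pos(text_width(79), 80 * 25, true, 0, &x, &y)) {
        printf("cursor at column %d, row %d\n", x, y);
    }
    return 0;
}
```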