On Sat, 31 Jan 2015, arei.gong...@huawei.com wrote: > From: Gonglei <arei.gong...@huawei.com> > > The array length of s->real_device.io_regions[] is > "PCI_NUM_REGIONS - 1". Add a check, just make Coverity happy. > > Signed-off-by: Gonglei <arei.gong...@huawei.com> > --- > hw/xen/xen_pt_config_init.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c > index 710fe50..3c8b0f1 100644 > --- a/hw/xen/xen_pt_config_init.c > +++ b/hw/xen/xen_pt_config_init.c > @@ -443,6 +443,11 @@ static int xen_pt_bar_reg_read(XenPCIPassthroughState > *s, XenPTReg *cfg_entry, > return -1; > } > > + if (index == PCI_ROM_SLOT) { > + XEN_PT_ERR(&s->dev, "Internal error: Access violation at ROM > BAR.\n"); > + return -1; > + }
Could you please fix the boundaries of the check just above? Also please avoid using PCI_ROM_SLOT for the array index check, simply use PCI_NUM_REGIONS. > /* use fixed-up value from kernel sysfs */ > *value = base_address_with_flags(&s->real_device.io_regions[index]); > > -- > 1.7.12.4 > >