On 10/01/2017 06:39, Michael S. Tsirkin wrote: > -void virtqueue_map(VirtQueueElement *elem) > +void virtqueue_map(VirtIODevice *vdev, VirtQueueElement *elem) > { > - virtqueue_map_iovec(elem->in_sg, elem->in_addr, &elem->in_num, > - VIRTQUEUE_MAX_SIZE, 1); > - virtqueue_map_iovec(elem->out_sg, elem->out_addr, &elem->out_num, > - VIRTQUEUE_MAX_SIZE, 0); > + virtqueue_map_iovec(vdev, elem->in_sg, elem->in_addr, &elem->in_num, > + MIN(ARRAY_SIZE(elem->in_sg), > ARRAY_SIZE(elem->in_addr)), > + 1); > + virtqueue_map_iovec(vdev, elem->out_sg, elem->out_addr, &elem->out_num, > + MIN(ARRAY_SIZE(elem->out_sg), > + ARRAY_SIZE(elem->out_addr)), > + 0);
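Review bot: the new bound `MIN(ARRAY_SIZE(elem->in_sg), ARRAY_SIZE(elem->in_addr))` (and the out_sg/out_addr twin) is only correct if those members are real arrays; if in_sg/in_addr are pointers, as the reply below says Coverity flagged, ARRAY_SIZE reduces to sizeof(pointer)/sizeof(*pointer) and yields a meaningless limit rather than the element's allocated capacity, so the replacement for the old VIRTQUEUE_MAX_SIZE argument is worse than what it removes. Rather than bounding inside virtqueue_map, drop the max_size argument from virtqueue_map_iovec entirely and reject an out-of-range in_num/out_num where the counts are read, before virtqueue_alloc_element is called.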
Coverity reports that ARRAY_SIZE(elem->out_sg) (and all the others too) is wrong because elem->out_sg is a pointer. However, the check is not in the right place and the max_size argument of virtqueue_map_iovec can be removed. The check on in_num/out_num can be moved to qemu_get_virtqueue_element instead, before the call to virtqueue_alloc_element.

Thanks,

Paolo
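An added example, not code from the thread or from QEMU, showing both halves of the point above in C: what ARRAY_SIZE evaluates to when its operand is a pointer member rather than an array, and a count check performed before allocation so the mapping step needs no bound at all. The struct Elem, the constants VIRTQUEUE_MAX_SIZE and hwaddr, and the functions elem_alloc_checked, bogus_in_bound and elem_free are stand-ins defined here for illustration, not the QEMU definitions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/uio.h>

/* Hypothetical stand-ins for the QEMU names used in the thread. */
#define VIRTQUEUE_MAX_SIZE 1024
typedef uint64_t hwaddr;

/* The usual ARRAY_SIZE/MIN macros; ARRAY_SIZE is only meaningful on a real array. */
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Element whose scatter lists are heap-allocated pointer members, which is the
 * situation the reply describes for elem->in_sg / elem->out_sg. */
typedef struct {
    unsigned int in_num, out_num;
    hwaddr *in_addr, *out_addr;
    struct iovec *in_sg, *out_sg;
} Elem;

/* What the patched bound actually evaluates to on such a struct:
 * sizeof(pointer)/sizeof(*pointer), i.e. 0 or 1, never the allocated capacity.
 * The operand is not dereferenced (sizeof is unevaluated), so this is safe. */
size_t bogus_in_bound(const Elem *elem)
{
    return MIN(ARRAY_SIZE(elem->in_sg), ARRAY_SIZE(elem->in_addr));
}

/* Where the check belongs: validate the counts taken from the migration stream
 * (or the guest) before anything is allocated or mapped. Returns NULL on an
 * oversized element instead of handing a too-large count to the mapper. */
Elem *elem_alloc_checked(unsigned int in_num, unsigned int out_num)
{
    if (in_num > VIRTQUEUE_MAX_SIZE || out_num > VIRTQUEUE_MAX_SIZE) {
        return NULL;
    }
    Elem *elem = calloc(1, sizeof(*elem));
    if (!elem) {
        return NULL;
    }
    elem->in_num = in_num;
    elem->out_num = out_num;
    /* Allocate at least one slot so calloc(0, ...) never has to be interpreted. */
    elem->in_addr = calloc(in_num ? in_num : 1, sizeof(hwaddr));
    elem->out_addr = calloc(out_num ? out_num : 1, sizeof(hwaddr));
    elem->in_sg = calloc(in_num ? in_num : 1, sizeof(struct iovec));
    elem->out_sg = calloc(out_num ? out_num : 1, sizeof(struct iovec));
    if (!elem->in_addr || !elem->out_addr || !elem->in_sg || !elem->out_sg) {
        free(elem->in_addr); free(elem->out_addr);
        free(elem->in_sg); free(elem->out_sg);
        free(elem);
        return NULL;
    }
    return elem;
}

void elem_free(Elem *elem)
{
    if (!elem) {
        return;
    }
    free(elem->in_addr); free(elem->out_addr);
    free(elem->in_sg); free(elem->out_sg);
    free(elem);
}

int main(void)
{
    Elem *ok = elem_alloc_checked(4, 2);
    printf("valid element: %s, ARRAY_SIZE-derived bound = %zu (capacity is %u)\n",
           ok ? "allocated" : "rejected", bogus_in_bound(ok), ok ? ok->in_num : 0);
    Elem *bad = elem_alloc_checked(VIRTQUEUE_MAX_SIZE + 1, 0);
    printf("oversized element: %s\n", bad ? "allocated (bug)" : "rejected");
    elem_free(ok);
    elem_free(bad);
    return 0;
}
```

The bound is 0 on both 32-bit and 64-bit targets (sizeof a pointer is smaller than sizeof(struct iovec)), so any mapping loop that trusted it would map nothing rather than overrun, but it equally cannot protect the mapper from an in_num that exceeds what was allocated; only the pre-allocation check does that.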