On Fri, Jun 23, 2017 at 01:45:57PM -0300, Philippe Mathieu-Daudé wrote:
> then abort calling error_setg()
I don't understand the reasons for this. This commit message says
"what" and "how", but not "why".
>
> Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
> ---
> hw/core/qdev.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/hw/core/qdev.c b/hw/core/qdev.c
> index 849952a8d4..05aaa67cb8 100644
> --- a/hw/core/qdev.c
> +++ b/hw/core/qdev.c
> @@ -448,7 +448,11 @@ qemu_irq qdev_get_gpio_in_named(DeviceState *dev, const
> char *name, int n)
> {
> NamedGPIOList *gpio_list = qdev_get_named_gpio_list(dev, name);
>
> - assert(n >= 0 && n < gpio_list->num_in);
> + assert(n >= 0);
> + if (n >= gpio_list->num_in) {
> + error_setg(&error_abort, "Invalid gpio #%d (of %d) for %s",
> + n, gpio_list->num_in, name ? name : "device");
Why exactly assert() is ok for (n < 0), but not for
(n >= gpio_list->num_io)?
If you have reasons to believe (n >= gpio_list->num_in) can be triggered
by user input, then abort() isn't an appropriate way to handle it.
> + }
> return gpio_list->in[n];
> }
>
> --
> 2.13.1
>
--
Eduardo
