From: Lidong Chen <lidong.c...@oracle.com>
Due to an off-by-one error, the assert statements allow an
out-of-bound array access. This doesn't happen in practice,
but the static analyzer notices.
Signed-off-by: Lidong Chen <lidong.c...@oracle.com>
Reviewed-by: Liam Merwick <liam.merw...@oracle.com>
Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com>
Reviewed-by: Li Qiang <liq...@gmail.com>
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
Message-Id:
<6b19cb7359a10a6bedc3ea0fce22fed3ef93c102.1560806687.git.lidong.c...@oracle.com>
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
---
hw/sd/sd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index 60500ec..917195a6 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -145,7 +145,7 @@ static const char *sd_state_name(enum SDCardStates state)
if (state == sd_inactive_state) {
return "inactive";
}
- assert(state <= ARRAY_SIZE(state_name));
+ assert(state < ARRAY_SIZE(state_name));
return state_name[state];
}
@@ -166,7 +166,7 @@ static const char *sd_response_name(sd_rsp_type_t rsp)
if (rsp == sd_r1b) {
rsp = sd_r1;
}
- assert(rsp <= ARRAY_SIZE(response_name));
+ assert(rsp < ARRAY_SIZE(response_name));
return response_name[rsp];
}
--
1.8.3.1
