Markus wrote:
> This is the second fix for this bug pattern in a fortnight.  Where's
> one, there are more:
>
> $ git-grep '<= ARRAY_SIZE'
> hw/intc/arm_gicv3_cpuif.c: assert(aprmax <= ARRAY_SIZE(cs->ich_apr[0]));
> hw/intc/arm_gicv3_cpuif.c: assert(aprmax <= ARRAY_SIZE(cs->ich_apr[0]));
> hw/net/stellaris_enet.c: if (s->tx_fifo_len + 4 <=
> ARRAY_SIZE(s->tx_fifo)) {
> hw/sd/pxa2xx_mmci.c: && s->tx_len <= ARRAY_SIZE(s->tx_fifo)
> hw/sd/pxa2xx_mmci.c: && s->rx_len <= ARRAY_SIZE(s->rx_fifo)
> hw/sd/pxa2xx_mmci.c: && s->resp_len <= ARRAY_SIZE(s->resp_fifo);
> hw/sd/sd.c: assert(state <= ARRAY_SIZE(state_name));
> hw/sd/sd.c: assert(rsp <= ARRAY_SIZE(response_name));
> hw/usb/hcd-xhci.c: assert(n <= ARRAY_SIZE(tmp));
> target/mips/op_helper.c: if (base_reglist > 0 && base_reglist <=
> ARRAY_SIZE (multiple_regs)) {
> target/mips/op_helper.c: if (base_reglist > 0 && base_reglist <=
> ARRAY_SIZE (multiple_regs)) {
> target/mips/op_helper.c: if (base_reglist > 0 && base_reglist <=
> ARRAY_SIZE (multiple_regs)) {
> target/mips/op_helper.c: if (base_reglist > 0 && base_reglist <=
> ARRAY_SIZE (multiple_regs)) {
> target/ppc/kvm.c: <= ARRAY_SIZE(hw_debug_points));
> target/ppc/kvm.c: <= ARRAY_SIZE(hw_debug_points));
> target/ppc/kvm.c: assert((nb_hw_breakpoint + nb_hw_watchpoint) <=
> ARRAY_SIZE(dbg->arch.bp));
> tcg/tcg.c: tcg_debug_assert(pi <= ARRAY_SIZE(op->args));
> util/main-loop.c: g_assert(n_poll_fds <= ARRAY_SIZE(poll_fds));
> util/module.c: assert(n_dirs <= ARRAY_SIZE(dirs));
There could be even more:

$ git grep '> ARRAY_SIZE'
hw/display/ssd0323.c: if (s->cmd_len > ARRAY_SIZE(s->cmd_data)) {
hw/display/vmware_vga.c: || SVGA_BITMAP_SIZE(x, y) > ARRAY_SIZE(cursor.mask)
hw/display/vmware_vga.c: > ARRAY_SIZE(cursor.image)) {
hw/dma/xlnx-zdma.c: len = src_size > ARRAY_SIZE(s->buf) ? ARRAY_SIZE(s->buf) : src_size;
hw/net/stellaris_enet.c: if (s->np > ARRAY_SIZE(s->rx)) {
hw/net/stellaris_enet.c: if (s->rx[i].len > ARRAY_SIZE(s->rx[i].data)) {
hw/net/stellaris_enet.c: if (s->rx_fifo_offset > ARRAY_SIZE(s->rx[0].data) - 4) {
hw/net/stellaris_enet.c: if (s->tx_fifo_len > ARRAY_SIZE(s->tx_fifo)) {
hw/scsi/mptsas.c: ((s)->name##_head > ARRAY_SIZE((s)->name) || \
hw/scsi/mptsas.c: (s)->name##_tail > ARRAY_SIZE((s)->name))
hw/scsi/mptsas.c: s->doorbell_cnt > ARRAY_SIZE(s->doorbell_msg) ||
hw/scsi/mptsas.c: s->doorbell_reply_size > ARRAY_SIZE(s->doorbell_reply) ||
hw/sd/ssi-sd.c: (!s->stopping && s->arglen > ARRAY_SIZE(s->response)))) {
hw/usb/dev-mtp.c: if (cmd.argc > ARRAY_SIZE(cmd.argv)) {
linux-user/syscall.c: if (nargs[num] > ARRAY_SIZE(a)) {
target/sh4/translate.c: if (max_insns > ARRAY_SIZE(insns)) {

These hits are only candidates: the comparison is off by one where the checked value is later used as an array index, and is the correct bound where it is a length or element count, so each site needs to be looked at individually.

CC-ing additional maintainers.

Aleksandar