>>> On 12.01.17 at 12:31, <andrew.coop...@citrix.com> wrote: > On 12/01/17 10:09, Jan Beulich wrote: >>>>> On 11.01.17 at 18:33, <andrew.coop...@citrix.com> wrote: >>> Coverity points out that x86_insn_modrm() returns -EINVAL for instructions >>> not >>> encoded with a ModRM byte. A consequence is that checking != 3 is >>> insufficient to confirm that &ext was actually written to. >>> >>> In practice, this check is only used after decode has been successful, and >>> 0f01 will have a ModRM byte. >> I think there may be one or two more such instances elsewhere. > > I did audit the other callsites, and thought I found them to be safe. > > However, thinking again, I think the gate_op case isn't > > case 0xff: > if ( x86_insn_modrm(state, NULL, &modrm_345) >= 3 ) > break; > switch ( modrm_345 & 7 ) > > This also needs to be an unsigned comparison to catch the -EINVAL case.
Right. However, how about using 3U instead of a cast to achieve this? Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
