Bernhard Beschow <[email protected]> writes: > Am 13. Oktober 2025 11:10:45 UTC schrieb Markus Armbruster > <[email protected]>: >>Ping? >> >>Markus Armbruster <[email protected]> writes: >> >>> xenfb_mouse_event() has a switch statement whose controlling >>> expression move->axis is an enum InputAxis. The enum values are >>> INPUT_AXIS_X and INPUT_AXIS_Y, encoded as 0 and 1. The switch has a >>> case for both axes. In addition, it has an unreachable default label. >>> This convinces Coverity that move->axis can be greater than 1. It >>> duly reports a buffer overrun when it is used to subscript an array >>> with two elements. >>> >>> Replace the unreachable code by abort(). >>> >>> Resolves: Coverity CID 1613906 >>> Signed-off-by: Markus Armbruster <[email protected]> >>> --- >>> hw/display/xenfb.c | 3 +-- >>> 1 file changed, 1 insertion(+), 2 deletions(-) >>> >>> diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c >>> index 22822fecea..5e6c691779 100644 >>> --- a/hw/display/xenfb.c >>> +++ b/hw/display/xenfb.c >>> @@ -283,8 +283,7 @@ static void xenfb_mouse_event(DeviceState *dev, >>> QemuConsole *src, >>> scale = surface_height(surface) - 1; >>> break; >>> default: >>> - scale = 0x8000; >>> - break; >>> + abort(); > > Don't we prefer g_assert_not_reached() these days, for more expressiveness?
See https://lore.kernel.org/qemu-devel/[email protected]/ [...]
