On 07/03/2019 10:31, Jan Beulich wrote:
> e820.c: In function ‘clip_to_limit’:
> .../xen/include/asm/string.h:10:26: error: ‘__builtin_memmove’ offset [-16,
> -36] is out of the bounds [0, 20484] of
> object ‘e820’ with type ‘struct e820map’ [-Werror=array-bounds]
> 10 | #define memmove(d, s, n) __builtin_memmove(d, s, n)
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~
> e820.c:404:13: note: in expansion of macro ‘memmove’
> 404 | memmove(&e820.map[i], &e820.map[i+1],
> | ^~~~~~~
> e820.c:36:16: note: ‘e820’ declared here
> 36 | struct e820map e820;
> | ^~~~
>
> While I can't see where the negative offsets would come from, converting
> the loop index to unsigned type helps. Take the opportunity and also
> convert several other local variables and copy_e820_map()'s second
> parameter to unsigned int (and bool in one case).
>
> Reported-by: Charles Arnold <carn...@suse.com>
> Signed-off-by: Jan Beulich <jbeul...@suse.com>
Acked-by: Andrew Cooper <andrew.coop...@citrix.com>, with one request.
>
> --- a/xen/arch/x86/e820.c
> +++ b/xen/arch/x86/e820.c
> @@ -304,7 +300,7 @@ int __init sanitize_e820_map(struct e820
> * thinkpad 560x, for example, does not cooperate with the memory
> * detection code.)
> */
> -static int __init copy_e820_map(struct e820entry * biosmap, int nr_map)
> +static int __init copy_e820_map(struct e820entry * biosmap, unsigned int
> nr_map)
> {
> /* Only one memory region (or negative)? Ignore it */
This comment is now stale. I'd just drop the bit in brackets.
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
