mirror of
https://github.com/qemu/qemu.git
synced 2026-07-08 17:56:38 +00:00
replay: Improve assert in replay_char_read_all_load()
In replay_char_read_all_load() we get a buffer and size from the replay log. We know the size has to fit an int because of how we write the log. However the way we assert this is wrong: we cast the size_t from replay_get_array() to an int and then check that it is non-negative. This misses cases where an over-large size is truncated into a positive value by the cast. Replace the assertion with checking that the size is in-range before doing the cast. Coverity complained about the possible overflow: CID 1643440. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20251124173407.50124-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
This commit is contained in:
committed by
Philippe Mathieu-Daudé
parent
77f4f14e08
commit
78d66a25c5
@@ -126,8 +126,8 @@ int replay_char_read_all_load(uint8_t *buf)
|
||||
int res;
|
||||
replay_get_array(buf, &size);
|
||||
replay_finish_event();
|
||||
assert(size <= INT_MAX);
|
||||
res = (int)size;
|
||||
assert(res >= 0);
|
||||
return res;
|
||||
} else if (replay_next_event_is(EVENT_CHAR_READ_ALL_ERROR)) {
|
||||
int res = replay_get_dword();
|
||||
|
||||
Reference in New Issue
Block a user