Coverity warns in CID 1645968 about possible integer overflow. This
should never happen but to ensure that, add an upper limit on the
x-linear-aper-size. This may not silence the warning but makes sure
users cannot cause an overflow.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
hw/display/ati.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/display/ati.c b/hw/display/ati.c
index fc19737d1f..97d871b1e2 100644
--- a/hw/display/ati.c
+++ b/hw/display/ati.c
@@ -1130,6 +1130,10 @@ static void ati_vga_realize(PCIDevice *dev, Error **errp)
s->linear_aper_sz = ATI_R100_LINEAR_APER_SIZE;
}
}
+ if (s->linear_aper_sz > 256 * MiB) {
+ error_setg(errp, "x-linear-aper-size is too large (maximum 256 MiB)");
+ return;
+ }
if (s->linear_aper_sz < 16 * MiB) {
error_setg(errp, "x-linear-aper-size is too small (minimum 16 MiB)");
return;
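Review bot: the added check `if (s->linear_aper_sz > 256 * MiB)` has no comment saying why 256 MiB is the ceiling or which later calculation it protects. The commit message cites only CID 1645968 and itself says the warning may remain. A short comment above the check naming the expression that could overflow would let a reader confirm that 256 MiB is small enough, and would tell a later editor what has to be rechecked if the limit is raised.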
--
2.41.3
On 30/3/26 23:09, BALATON Zoltan wrote:
> Coverity warns in CID 1645968 about possible integer overflow. This
> should never happen but to ensure that, add an upper limit on the
> x-linear-aper-size. This may not silence the warning but makes sure
> users cannot cause an overflow.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
> hw/display/ati.c | 4 ++++
> 1 file changed, 4 insertions(+)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
On Mon, 30 Mar 2026 at 22:09, BALATON Zoltan <balaton@eik.bme.hu> wrote:
>
> Coverity warns in CID 1645968 about possible integer overflow. This
> should never happen but to ensure that, add an upper limit on the
> x-linear-aper-size. This may not silence the warning but makes sure
> users cannot cause an overflow.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
> hw/display/ati.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/hw/display/ati.c b/hw/display/ati.c
> index fc19737d1f..97d871b1e2 100644
> --- a/hw/display/ati.c
> +++ b/hw/display/ati.c
> @@ -1130,6 +1130,10 @@ static void ati_vga_realize(PCIDevice *dev, Error **errp)
> s->linear_aper_sz = ATI_R100_LINEAR_APER_SIZE;
> }
> }
> + if (s->linear_aper_sz > 256 * MiB) {
> + error_setg(errp, "x-linear-aper-size is too large (maximum 256 MiB)");
> + return;
> + }
> if (s->linear_aper_sz < 16 * MiB) {
> error_setg(errp, "x-linear-aper-size is too small (minimum 16 MiB)");
> return;
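Review bot: the limit in the added check is written twice, once as `256 * MiB` in the condition and once as the text "maximum 256 MiB" in the error string, and the existing 16 MiB check just below follows the same pattern, so condition and message can drift apart if either bound changes. Consider a named constant for each bound, used in the comparison and to format the message, so that the accepted range of x-linear-aper-size is defined in one place.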
> --
> 2.41.3
>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM