dm: refine 'assert' in inout.c and post.c

- 'assert' cleanup to avoid possible software vulnerabilities.

Tracked-On: #3252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
This commit is contained in:
Yonghua Huang 2019-06-17 18:27:31 +08:00 committed by wenlingz
parent a2332b159a
commit dedf9befa6
2 changed files with 9 additions and 12 deletions

View File

@ -28,10 +28,8 @@
#include <stdio.h>
#include <string.h>
#include <assert.h>
#include "inout.h"
SET_DECLARE(inout_port_set, struct inout_port);
#define MAX_IOPORTS (1 << 16)
@ -99,8 +97,9 @@ emulate_inout(struct vmctx *ctx, int *pvcpu, struct pio_request *pio_request)
in = (pio_request->direction == REQUEST_READ);
port = pio_request->address;
assert(port + bytes - 1 < MAX_IOPORTS);
assert(bytes == 1 || bytes == 2 || bytes == 4);
if ((port + bytes - 1 >= MAX_IOPORTS) ||
((bytes != 1) && (bytes != 2) && (bytes != 4)))
return -1;
handler = inout_handlers[port].handler;
flags = inout_handlers[port].flags;
@ -133,7 +132,11 @@ init_inout(void)
*/
SET_FOREACH(iopp, inout_port_set) {
iop = *iopp;
assert(iop->port < MAX_IOPORTS);
if (iop->port >= MAX_IOPORTS) {
printf("%s: invalid port:0x%x", __func__, iop->port);
continue;
}
inout_handlers[iop->port].name = iop->name;
inout_handlers[iop->port].flags = iop->flags;
inout_handlers[iop->port].handler = iop->handler;
@ -183,8 +186,6 @@ unregister_inout(struct inout_port *iop)
return -1;
}
assert(inout_handlers[iop->port].name == iop->name);
register_default_iohandler(iop->port, iop->size);
return 0;

View File

@ -26,8 +26,6 @@
* $FreeBSD$
*/
#include <assert.h>
#include "inout.h"
#include "lpc.h"
@ -35,9 +33,7 @@ static int
post_data_handler(struct vmctx *ctx, int vcpu, int in, int port, int bytes,
uint32_t *eax, void *arg)
{
assert(in == 1);
if (bytes != 1)
if ((in != 1) || (bytes != 1))
return -1;
*eax = 0xff; /* return some garbage */