target/xtensa: Assert that interrupt level is within bounds

In handle_interrupt() we use level as an index into the interrupt_vector[] array. This is safe because we have checked it against env->config->nlevel, but Coverity can't see that (and it is only true because each CPU config sets its XCHAL_NUM_INTLEVELS to something less than MAX_NLEVELS), so it complains about a possible array overrun (CID 1507131) Add an assert() which will make Coverity happy and catch the unlikely case of a mis-set XCHAL_NUM_INTLEVELS in future. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Max Filippov <jcmvbkbc@gmail.com> Message-id: 20230623154135.1930261-1-peter.maydell@linaro.org
qemu · Jul 4, 2023 · 86a7827 · 86a7827
1 parent 7812aaa
commit 86a7827
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/target/xtensa/exc_helper.c b/target/xtensa/exc_helper.c
@@ -169,6 +169,9 @@ static void handle_interrupt(CPUXtensaState *env)
         CPUState *cs = env_cpu(env);
 
         if (level > 1) {
+            /* env->config->nlevel check should have ensured this */
+            assert(level < sizeof(env->config->interrupt_vector));
+
             env->sregs[EPC1 + level - 1] = env->pc;
             env->sregs[EPS2 + level - 2] = env->sregs[PS];
             env->sregs[PS] =