Re: [PATCH] hw/display/xenfb: Replace unreachable code by abort()

[Markus Armbruster <armbru@xxxxxxxxxx>]

Philippe Mathieu-Daudé <philmd@xxxxxxxxxx> writes:

> On 29/7/25 13:12, Markus Armbruster wrote:
>> xenfb_mouse_event() has a switch statement whose controlling
>> expression move->axis is an enum InputAxis.  The enum values are
>> INPUT_AXIS_X and INPUT_AXIS_Y, encoded as 0 and 1.  The switch has a
>> case for both axes.  In addition, it has an unreachable default label.
>> This convinces Coverity that move->axis can be greater than 1.  It
>> duly reports a buffer overrun when it is used to subscript an array
>> with two elements.
>> Replace the unreachable code by abort().
>> Resolves: Coverity CID 1613906
>> Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
>> ---
>>   hw/display/xenfb.c | 3 +--
>>   1 file changed, 1 insertion(+), 2 deletions(-)
>> diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
>> index 22822fecea..5e6c691779 100644
>> --- a/hw/display/xenfb.c
>> +++ b/hw/display/xenfb.c
>> @@ -283,8 +283,7 @@ static void xenfb_mouse_event(DeviceState *dev, 
>> QemuConsole *src,
>>                   scale = surface_height(surface) - 1;
>>                   break;
>>               default:
>> -                scale = 0x8000;
>> -                break;
>> +                abort();
>
> We prefer GLib g_assert_not_reached() over abort() because it displays
> the file, line number & function before aborting.

The purpose of this line is to tell the compiler we can't get there,
with the least amount of ceremony.

We have ~600 calls of abort().

Whoever merges this: feel free to replace by g_assert_not_reached().

>>               }
>>               xenfb->axis[move->axis] = move->value * scale / 0x7fff;
>>           }