> >>>>> +static void kvm_arch_e500_update_guest_debug(CPUState *cs,
> >>>>> + struct
> >>>>> +kvm_guest_debug
> >>>>> +*dbg) {
> >>>>> + int n;
> >>>>> +
> >>>>> + if (nb_hw_breakpoint + nb_hw_watchpoint > 0) {
> >>>>> + dbg->control |= KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_HW_BP;
> >>>>> + memset(dbg->arch.bp, 0, sizeof(dbg->arch.bp));
> >>>>> + for (n = 0; n < nb_hw_breakpoint + nb_hw_watchpoint; n++)
> >>>>> + {
> >>>> Boundary check against dbg->arch.bp missing.
> >>> Did not get, what you mean by "dbg->arch.bp missing"?
> >> dbg->arch.bp is an array of a certain size. If nb_hw_breakpoint +
> >> nb_hw_watchpoint > ARRAY_SIZE(dbg->arch.bp) we might overwrite memory
> >> we don't want to overwrite.
> > Actually this will never overflow here because nb_hw_breakpoint and
> > nb_hw_watchpoint overflow is taken care of in hw_insert_breakpoint().
> >
> > Do you think that, to be doubly safe, we can add a check?
>
> We only check against an overflow of hw_breakpoint[], not dbg->arch.bp.
> What if nb_hw_breakpoint becomes 17?
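Review bot: the loop `for (n = 0; n < nb_hw_breakpoint + nb_hw_watchpoint; n++)` walks dbg->arch.bp with no bound tied to the array itself; the `memset(dbg->arch.bp, 0, sizeof(dbg->arch.bp))` just above shows it is a fixed-size array, yet nothing in this hunk relates that size to the sum of the two counters, which are only bounded elsewhere (hw_insert_breakpoint(), per the discussion). Because dbg is the structure handed to the kernel, an overrun here corrupts memory outside it, so the invariant should be enforced at the point of use rather than assumed: either assert before the loop that `nb_hw_breakpoint + nb_hw_watchpoint <= ARRAY_SIZE(dbg->arch.bp)`, or add `&& n < ARRAY_SIZE(dbg->arch.bp)` to the loop condition so a broken counter cannot write past the array.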
nb_hw_breakpoint can never be more than max_hw_breakpoint, so how can nb_hw_breakpoint be 17?

Thanks
-Bharat