x86/traps: replace ASSERT() checking array bounds

Avoid out of bounds accesses on non-debug builds.

Coverity ID: 1055744

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 63765ec5cec9002cd9ecb160402bac5af49d2de9..822556a8e08af0eeac85983328777603609cda91 100644 (file)
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -3764,7 +3764,11 @@ void async_exception_cleanup(struct vcpu *curr)
             if ( (curr->async_exception_mask ^
                   curr->async_exception_state(trap).old_mask) == (1 << trap) )
                 break;
-    ASSERT(trap <= VCPU_TRAP_LAST);
+    if ( unlikely(trap > VCPU_TRAP_LAST) )
+    {
+        ASSERT_UNREACHABLE();
+        return;
+    }
 
     /* Restore previous asynchronous exception mask. */
     curr->async_exception_mask = curr->async_exception_state(trap).old_mask;