qemu-devel

Re: [Qemu-devel] [PATCH] hw/mcf5206: Fix buffer overflow for MBAR read /


From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH] hw/mcf5206: Fix buffer overflow for MBAR read / write
Date: Tue, 4 Sep 2012 19:31:57 +0100

On 4 September 2012 19:16, Stefan Weil <address@hidden> wrote:
> On 04.09.2012 20:12, Stefan Weil wrote:
>> On 04.09.2012 19:57, Peter Maydell wrote:
>>> Checked against the data sheet -- last documented register is at
>>> offset $1F0, so correcting the offset check rather than the array
>>> length is the correct fix.

>> Then m5206_mbar_width should be shortened to 124 elements
>> (0x1f0 / 4) _and_ the offset check needs a correction.

Why bother? The relevant offsets will hit the hw_error() cases
in m5206_mbar_read() and m5206_mbar_write() anyway, the same
as for the other cases where there are "holes" in the register
space. The only reason we're doing these checks here is to avoid
overrunning the width array...

> Sorry, 125 elements, of course. Or are there undocumented
> registers at 0x1f4, 0x1f8 and 0x1fc?

If there were, I wouldn't know, because they aren't documented :-)

-- PMM
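
The indexing arithmetic discussed in this thread, as an added example that is not part of the original message or of QEMU's code: a width table with one entry per 32-bit slot, sized from the last documented offset (0x1f0) and bounds-checked against the array's own length. The names `mbar_width` and `mbar_lookup_width` and the table contents are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Last documented register offset, as stated in the thread ($1F0). */
#define MBAR_LAST_REG 0x1f0u

/* One entry per 32-bit slot, index = offset >> 2.
 * 0x1f0 >> 2 is 124, so valid indices are 0..124: 125 entries, not 124. */
#define MBAR_WIDTH_ENTRIES ((MBAR_LAST_REG >> 2) + 1)

/* Constructed sample table (not the real register widths): access width
 * in bytes, 0 marks a hole that the caller reports as an error. */
static const uint8_t mbar_width[MBAR_WIDTH_ENTRIES] = {
    [0x000 >> 2] = 4,
    [0x014 >> 2] = 2,
    [MBAR_LAST_REG >> 2] = 4,
};

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

_Static_assert(ARRAY_LEN(mbar_width) == 125, "width table must cover offset 0x1f0");

/* Returns the access width in bytes, 0 for a hole, or -1 when the offset
 * lies past the table. The bound comes from the array itself, so the check
 * and the array length cannot disagree. */
int mbar_lookup_width(uint32_t offset)
{
    size_t idx = offset >> 2;

    if (idx >= ARRAY_LEN(mbar_width)) {
        return -1;
    }
    return mbar_width[idx];
}

int main(void)
{
    const uint32_t probes[] = { 0x000, 0x004, 0x1f0, 0x1f4, 0x200 };

    for (size_t i = 0; i < ARRAY_LEN(probes); i++) {
        printf("offset 0x%03x -> %d\n", (unsigned)probes[i],
               mbar_lookup_width(probes[i]));
    }
    return 0;
}
```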


