[Qemu-devel] [PATCH 8/8] hw/arm/omap_gpmc: Avoid buffer overrun filling
From: Peter Maydell
Subject: [Qemu-devel] [PATCH 8/8] hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO
Date: Thu, 8 May 2014 19:46:58 +0100
In fill_prefetch_fifo(), if the device we are reading from is 16 bit,
then we must not try to transfer an odd number of bytes into the FIFO.
This could otherwise have resulted in our overrunning the prefetch.fifo
array by one byte.
Signed-off-by: Peter Maydell <address@hidden>
---
Spotted by Coverity. I suspect Coverity is not smart enough
to figure out that this change really does prevent the overrun,
though :-(
---
hw/misc/omap_gpmc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c
index 2047274..cddea24 100644
--- a/hw/misc/omap_gpmc.c
+++ b/hw/misc/omap_gpmc.c
@@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s)
if (bytes > s->prefetch.count) {
bytes = s->prefetch.count;
}
+ if (is16bit) {
+ bytes &= ~1;
+ }
+
s->prefetch.count -= bytes;
s->prefetch.fifopointer += bytes;
fptr = 64 - s->prefetch.fifopointer;
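Review bot: In the new `if (is16bit)` block, `bytes &= ~1` can round `bytes` down to 0 when the clamp just above leaves it at 1 (an odd `s->prefetch.count` on a 16 bit device), in which case `s->prefetch.count` and `s->prefetch.fifopointer` are left unchanged and the odd trailing byte is never transferred. It would be worth confirming that the rest of fill_prefetch_fifo() and whatever waits for the count to reach zero tolerate a zero-length fill, or returning early when `bytes` is 0. A short comment above the `if` saying that a 16 bit device must not be asked for an odd number of bytes would keep the reason next to the code, since the copy into prefetch.fifo is not visible in this hunk. Minor: the subject prefix says hw/arm/omap_gpmc but the file touched is hw/misc/omap_gpmc.c.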
--
1.9.2