Re: [Qemu-devel] [PATCH 8/8] hw/arm/omap_gpmc: Avoid buffer overrun fill

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 8/8] hw/arm/omap_gpmc: Avoid buffer overrun fill

From:	Peter Crosthwaite
Subject:	Re: [Qemu-devel] [PATCH 8/8] hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO
Date:	Sat, 10 May 2014 22:55:33 +1000

On Fri, May 9, 2014 at 4:46 AM, Peter Maydell <address@hidden> wrote:
> In fill_prefetch_fifo(), if the device we are reading from is 16 bit,
> then we must not try to transfer an odd number of bytes into the FIFO.
> This could otherwise have resulted in our overrunning the prefetch.fifo
> array by one byte.
>
> Signed-off-by: Peter Maydell <address@hidden>

Reviewed-by: Peter Crosthwaite <address@hidden>

> ---
> Spotted by Coverity. I suspect Coverity is not smart enough
> to figure out that this change really does prevent the overrun,
> though :-(
> ---
>  hw/misc/omap_gpmc.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c
> index 2047274..cddea24 100644
> --- a/hw/misc/omap_gpmc.c
> +++ b/hw/misc/omap_gpmc.c
> @@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s)
>      if (bytes > s->prefetch.count) {
>          bytes = s->prefetch.count;
>      }
> +    if (is16bit) {
> +        bytes &= ~1;
> +    }
> +
>      s->prefetch.count -= bytes;
>      s->prefetch.fifopointer += bytes;
>      fptr = 64 - s->prefetch.fifopointer;
> --
> 1.9.2
>
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/8] misc fixes for coverity warnings in ARM devices, Peter Maydell, 2014/05/08
- [Qemu-devel] [PATCH 7/8] hw/arm/stellaris: Correct handling of GPTM TAR register, Peter Maydell, 2014/05/08
  - Re: [Qemu-devel] [PATCH 7/8] hw/arm/stellaris: Correct handling of GPTM TAR register, Peter Crosthwaite, 2014/05/10
    - Re: [Qemu-devel] [PATCH 7/8] hw/arm/stellaris: Correct handling of GPTM TAR register, Peter Maydell, 2014/05/10
- [Qemu-devel] [PATCH 8/8] hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO, Peter Maydell, 2014/05/08
  - Re: [Qemu-devel] [PATCH 8/8] hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO, Peter Crosthwaite <=
- [Qemu-devel] [PATCH 4/8] hw/arm/omap1: Avoid unintended sign extension writing omap_rtc YEARS_REG, Peter Maydell, 2014/05/08
  - Re: [Qemu-devel] [PATCH 4/8] hw/arm/omap1: Avoid unintended sign extension writing omap_rtc YEARS_REG, Peter Crosthwaite, 2014/05/09
- [Qemu-devel] [PATCH 1/8] hw/intc/allwinner-a10-pic: Add missing 'break', Peter Maydell, 2014/05/08
  - Re: [Qemu-devel] [PATCH 1/8] hw/intc/allwinner-a10-pic: Add missing 'break', Peter Crosthwaite, 2014/05/09
- [Qemu-devel] [PATCH 2/8] hw/net/cadence_gem: Remove dead code, Peter Maydell, 2014/05/08
  - Re: [Qemu-devel] [PATCH 2/8] hw/net/cadence_gem: Remove dead code, Peter Crosthwaite, 2014/05/09
- [Qemu-devel] [PATCH 3/8] hw/display/pxa2xx_lcd: Fix 16bpp+alpha and 18bpp+alpha palette formats, Peter Maydell, 2014/05/08
  - Re: [Qemu-devel] [PATCH 3/8] hw/display/pxa2xx_lcd: Fix 16bpp+alpha and 18bpp+alpha palette formats, Peter Crosthwaite, 2014/05/09
    - Re: [Qemu-devel] [PATCH 3/8] hw/display/pxa2xx_lcd: Fix 16bpp+alpha and 18bpp+alpha palette formats, Peter Maydell, 2014/05/13
- [Qemu-devel] [PATCH 6/8] hw/timer/exynos4210_mct: Avoid overflow in exynos4210_ltick_recalc_count, Peter Maydell, 2014/05/08

Prev by Date: [Qemu-devel] [PATCH] arch_init: Simplify code for load_xbzrle()
Next by Date: Re: [Qemu-devel] [PATCH] migration: cache memory region ram ptr
Previous by thread: [Qemu-devel] [PATCH 8/8] hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO
Next by thread: [Qemu-devel] [PATCH 4/8] hw/arm/omap1: Avoid unintended sign extension writing omap_rtc YEARS_REG
Index(es):
- Date
- Thread