[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] hw/mcf5206: Fix buffer overflow for MBAR read /
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] [PATCH] hw/mcf5206: Fix buffer overflow for MBAR read / write |
Date: |
Tue, 4 Sep 2012 18:57:44 +0100 |
On 4 September 2012 18:37, Stefan Weil <address@hidden> wrote:
> Report from smatch:
>
> mcf5206.c:384 m5206_mbar_readb(7) error: buffer overflow 'm5206_mbar_width'
> 128 <= 128
> mcf5206.c:403 m5206_mbar_readw(8) error: buffer overflow 'm5206_mbar_width'
> 128 <= 128
> mcf5206.c:427 m5206_mbar_readl(8) error: buffer overflow 'm5206_mbar_width'
> 128 <= 128
> mcf5206.c:451 m5206_mbar_writeb(9) error: buffer overflow 'm5206_mbar_width'
> 128 <= 128
> mcf5206.c:475 m5206_mbar_writew(9) error: buffer overflow 'm5206_mbar_width'
> 128 <= 128
> mcf5206.c:503 m5206_mbar_writel(9) error: buffer overflow 'm5206_mbar_width'
> 128 <= 128
>
> m5206_mbar_width has 0x80 elements and supports 0 <= offset < 0x200.
>
> Signed-off-by: Stefan Weil <address@hidden>
Checked against the data sheet -- last documented register is at offset $1F0,
so correcting the offset check rather than the array length is the correct
fix.
Reviewed-by: Peter Maydell <address@hidden>
-- PMM