qemu-devel

From: Jonathan D. Belanger
Subject: [Bug 1904331] [NEW] Coding bug in the function serial_ioport_write in serial.c
Date: Sun, 15 Nov 2020 15:48:38 -0000

Public bug reported:

Branch hash: b50ea0d  (pulled from github).

I was reviewing the code and noticed the following in the function
serial_ioport_write:

    assert(size == 1 && addr < 8);
        .
        .
        .
    switch(addr) {
    default:
    case 0:
        if (s->lcr & UART_LCR_DLAB) {
            if (size == 1) {
                s->divider = (s->divider & 0xff00) | val;
            } else {
                s->divider = val;
            }
        }

The assert will trigger if the size is > 1, so the else of the if (size
== 1) will never be executed and an attempt to specify a size > 1 will
trigger an assert.

The documentation for the UART indicates that the 16-bit divisor is
broken up amongst 2 8-bit registers (DLL and DLM).  There already is
code to handle the DLL and DLM portions of the divider register (as
coded).

This is not exactly going to cause a bug, as there is no code that calls
this function with a value for size other than 1.  It is just
unnecessary code.

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1904331

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1904331/+subscriptions
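The register mechanics the report refers to, as an added example that is neither QEMU's serial.c nor the reporter's code: a minimal model of the 16550 divisor latch write path. The names (uart_model, uart_write_byte, uart_program_divisor, uart_baud) are hypothetical; only the register layout (DLAB is bit 7 of LCR, DLL at offset 0, DLM at offset 1) and the 115200 base clock follow the 16550 datasheet. Because every access reaching the model is one byte wide, the 16-bit divider is only ever updated one half at a time, which is why a `size != 1` branch in this path can never run.

```c
/* Added example, not QEMU code: model of the 16550 divisor latch path.
 * Names are hypothetical; register layout follows the 16550 datasheet. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

#define UART_LCR_DLAB  0x80     /* LCR bit 7: divisor latch access */
#define UART_BASE_BAUD 115200   /* 1.8432 MHz / 16 */

typedef struct {
    uint8_t  lcr;      /* line control register */
    uint16_t divider;  /* 16-bit baud divisor, assembled from DLL/DLM */
    uint8_t  thr;      /* last byte written to the transmit holding register */
} uart_model;

/* Every write is exactly one byte, the invariant the assert in
 * serial_ioport_write enforces, so there is no path that stores a
 * full 16-bit value at once. */
static void uart_write_byte(uart_model *s, unsigned addr, uint8_t val)
{
    assert(addr < 8);
    switch (addr) {
    case 0:
        if (s->lcr & UART_LCR_DLAB) {
            /* DLL: replace the low byte, keep the high byte */
            s->divider = (uint16_t)((s->divider & 0xff00) | val);
        } else {
            s->thr = val;            /* THR when DLAB is clear */
        }
        break;
    case 1:
        if (s->lcr & UART_LCR_DLAB) {
            /* DLM: replace the high byte, keep the low byte */
            s->divider = (uint16_t)((s->divider & 0x00ff) | (val << 8));
        }
        /* IER when DLAB is clear; not modelled here */
        break;
    case 3:
        s->lcr = val;
        break;
    default:
        /* remaining registers are not needed for the divisor example */
        break;
    }
}

/* Program a 16-bit divisor the way a driver does: set DLAB, write DLL,
 * write DLM, clear DLAB. Returns the divider the model ends up with. */
static uint16_t uart_program_divisor(uart_model *s, uint16_t divisor)
{
    uart_write_byte(s, 3, UART_LCR_DLAB);
    uart_write_byte(s, 0, (uint8_t)(divisor & 0xff));
    uart_write_byte(s, 1, (uint8_t)(divisor >> 8));
    uart_write_byte(s, 3, 0x03);     /* 8N1, DLAB cleared */
    return s->divider;
}

/* Baud rate implied by the current divider; 0 means "not programmed". */
static unsigned uart_baud(const uart_model *s)
{
    return s->divider ? UART_BASE_BAUD / s->divider : 0;
}

/* Convenience: baud rate reached after programming a fresh model. */
static unsigned uart_baud_for_divisor(uint16_t divisor)
{
    uart_model s = {0};
    uart_program_divisor(&s, divisor);
    return uart_baud(&s);
}

int main(void)
{
    uart_model s = {0};
    uart_program_divisor(&s, 12);
    printf("divider=%u baud=%u\n", (unsigned)s.divider, uart_baud(&s));
    uart_program_divisor(&s, 384);
    printf("divider=%u baud=%u\n", (unsigned)s.divider, uart_baud(&s));
    /* With DLAB clear, offset 0 is THR and the divider is left alone */
    uart_write_byte(&s, 0, 'A');
    printf("thr=%c divider=%u\n", s.thr, (unsigned)s.divider);
    return 0;
}
```

The two-step DLL/DLM sequence in uart_program_divisor is the only way the model's 16-bit divider changes, which mirrors the reporter's observation that the byte-at-a-time branch already covers the whole register.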
