From patchwork Mon Feb 17 14:37:34 2014
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 24771
From: Peter Maydell To: qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 3/3] hw/timer/arm_timer: Avoid array overrun for bad addresses Date: Mon, 17 Feb 2014 14:37:34 +0000 Message-Id: <1392647854-8067-4-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1392647854-8067-1-git-send-email-peter.maydell@linaro.org> References: <1392647854-8067-1-git-send-email-peter.maydell@linaro.org> X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: peter.maydell@linaro.org X-Original-Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.128.172 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Precedence: list Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org List-ID: X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , The integrator's timer read/write functions log an error for bad addresses in guest accesses, but were falling through and using an out of bounds array index rather than returning early. Fix this. Signed-off-by: Peter Maydell --- hw/timer/arm_timer.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/timer/arm_timer.c b/hw/timer/arm_timer.c index a47afde..fb0a45c 100644 --- a/hw/timer/arm_timer.c +++ b/hw/timer/arm_timer.c @@ -320,6 +320,7 @@ static uint64_t icp_pit_read(void *opaque, hwaddr offset, n = offset >> 8; if (n > 2) { qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad timer %d\n", __func__, n); + return 0; } return arm_timer_read(s->timer[n], offset & 0xff); @@ -334,6 +335,7 @@ static void icp_pit_write(void *opaque, hwaddr offset, n = offset >> 8; if (n > 2) { qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad timer %d\n", __func__, n); + return; } arm_timer_write(s->timer[n], offset & 0xff, value);
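Review bot: In the icp_pit_read hunk, the bound in `if (n > 2)` is a bare constant rather than something derived from the array it protects. Writing it as `n >= ARRAY_SIZE(s->timer)` would keep the check correct if the number of timers ever changes. The new `return 0;` also makes reads of a bad address read as zero, and a short comment saying that this is the intended behaviour would help the next reader.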
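Review bot: In the icp_pit_write hunk, the check only rejects values above 2, while `n` is assigned from `offset >> 8` with `offset` a `hwaddr` and is logged with `%d`. If `n` is a signed int, a sufficiently large offset could narrow to a negative value and still pass `n > 2`. Consider making `n` unsigned, or testing `offset >> 8` before narrowing. The same check-log-return sequence now appears in both the read and write paths, so a small shared helper that validates the index would stop the two copies drifting apart.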