From patchwork Thu May 8 18:46:58 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 29853 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-qa0-f71.google.com (mail-qa0-f71.google.com [209.85.216.71]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 4421D202DD for ; Thu, 8 May 2014 18:47:06 +0000 (UTC) Received: by mail-qa0-f71.google.com with SMTP id w8sf7437735qac.6 for ; Thu, 08 May 2014 11:47:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject :date:message-id:in-reply-to:references:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :list-post:list-help:list-archive:list-unsubscribe; bh=TmBkFV7C3C6uytH5JHOXP4ExwaR2oHjm2u1I/FVezeU=; b=TsRfD6YrXQCCiHVxgtjm4AJ33YakbDSvhTdoblAGTlsk2a9hm3dBnpCY4R7lhCzrLq ISc1tFrq7131tpfs/B0pUvZDKY7URAaAAHnSpa2DdsOWEI/Y/L6gWYlUxJjVL8yYVIdy 6SYwz0KrVKHGvfd+qB04KY09wMSIOKls/lanrTLirVjjgIP5Rq3P9TaXvvoDCxsHDag0 4K7CjSkj2+IBs/VrRBw9oFhicqyVADb2lNcCBlVIE9xD4ydAkmCbc+YVc8kdExTr2Ufo DEnIvWIkEDN7A9eqIoLpLZnbcqUdKafS4rcEltYZhrfhssB45aOwazcD/rOUnt0VBIud JGow== X-Gm-Message-State: ALoCoQmusxFPBpodikc5AYh8sQlkjevXECUe3suNrKfey6QLplgyi/woR4uudywflSb/nGPlGTUZ X-Received: by 10.58.210.2 with SMTP id mq2mr2544317vec.3.1399574825966; Thu, 08 May 2014 11:47:05 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.140.106.98 with SMTP id d89ls2265051qgf.57.gmail; Thu, 08 May 2014 11:47:05 -0700 (PDT) X-Received: by 10.220.163.3 with SMTP id y3mr4301762vcx.7.1399574825882; Thu, 08 May 2014 11:47:05 -0700 (PDT) Received: from mail-ve0-f178.google.com (mail-ve0-f178.google.com [209.85.128.178]) by mx.google.com with ESMTPS id l2si322176vcf.43.2014.05.08.11.47.05 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 08 May 2014 11:47:05 -0700 (PDT) Received-SPF: none (google.com: patch+caf_=patchwork-forward=linaro.org@linaro.org does not designate permitted sender hosts) client-ip=209.85.128.178; Received: by mail-ve0-f178.google.com with SMTP id sa20so3790974veb.23 for ; Thu, 08 May 2014 11:47:05 -0700 (PDT) X-Received: by 10.58.13.104 with SMTP id g8mr4321268vec.16.1399574825818; Thu, 08 May 2014 11:47:05 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patches@linaro.org Received: by 10.220.221.72 with SMTP id ib8csp17018vcb; Thu, 8 May 2014 11:47:05 -0700 (PDT) X-Received: by 10.182.40.201 with SMTP id z9mr7302301obk.45.1399574823393; Thu, 08 May 2014 11:47:03 -0700 (PDT) Received: from mnementh.archaic.org.uk (mnementh.archaic.org.uk. [2001:8b0:1d0::1]) by mx.google.com with ESMTPS id fm5si917479pbc.421.2014.05.08.11.47.02 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Thu, 08 May 2014 11:47:03 -0700 (PDT) Received-SPF: none (google.com: pm215@archaic.org.uk does not designate permitted sender hosts) client-ip=2001:8b0:1d0::1; Received: from pm215 by mnementh.archaic.org.uk with local (Exim 4.80) (envelope-from ) id 1WiTLO-000533-UE; Thu, 08 May 2014 19:46:58 +0100 From: Peter Maydell To: qemu-devel@nongnu.org Cc: patches@linaro.org, Peter Crosthwaite Subject: [PATCH 8/8] hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO Date: Thu, 8 May 2014 19:46:58 +0100 Message-Id: <1399574818-19349-9-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1399574818-19349-1-git-send-email-peter.maydell@linaro.org> References: <1399574818-19349-1-git-send-email-peter.maydell@linaro.org> X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: peter.maydell@linaro.org X-Original-Authentication-Results: mx.google.com; spf=neutral (google.com: patch+caf_=patchwork-forward=linaro.org@linaro.org does not designate permitted sender hosts) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Precedence: list Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org List-ID: X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , In fill_prefetch_fifo(), if the device we are reading from is 16 bit, then we must not try to transfer an odd number of bytes into the FIFO. This could otherwise have resulted in our overrunning the prefetch.fifo array by one byte. Signed-off-by: Peter Maydell Reviewed-by: Peter Crosthwaite --- Spotted by Coverity. I suspect Coverity is not smart enough to figure out that this change really does prevent the overrun, though :-( --- hw/misc/omap_gpmc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c index 2047274..cddea24 100644 --- a/hw/misc/omap_gpmc.c +++ b/hw/misc/omap_gpmc.c @@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s) if (bytes > s->prefetch.count) { bytes = s->prefetch.count; } + if (is16bit) { + bytes &= ~1; + } + s->prefetch.count -= bytes; s->prefetch.fifopointer += bytes; fptr = 64 - s->prefetch.fifopointer;