[Qemu-devel] [PATCH] hw/arm_timer.c: Fix bounds check for Integrator tim

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH] hw/arm_timer.c: Fix bounds check for Integrator tim

From:	Peter Maydell
Subject:	[Qemu-devel] [PATCH] hw/arm_timer.c: Fix bounds check for Integrator timer accesses
Date:	Fri, 11 Nov 2011 13:30:15 +0000

There are only three counter/timers on the integrator board:
correct the bounds check to avoid an array overrun. (Spotted
by Coverity, see bug 887883).

Signed-off-by: Peter Maydell <address@hidden>
---
 hw/arm_timer.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm_timer.c b/hw/arm_timer.c
index 09a4b24..66db81d 100644
--- a/hw/arm_timer.c
+++ b/hw/arm_timer.c
@@ -269,7 +269,7 @@ static uint64_t icp_pit_read(void *opaque, 
target_phys_addr_t offset,
 
     /* ??? Don't know the PrimeCell ID for this device.  */
     n = offset >> 8;
-    if (n > 3) {
+    if (n > 2) {
         hw_error("sp804_read: Bad timer %d\n", n);
     }
 
@@ -283,7 +283,7 @@ static void icp_pit_write(void *opaque, target_phys_addr_t 
offset,
     int n;
 
     n = offset >> 8;
-    if (n > 3) {
+    if (n > 2) {
         hw_error("sp804_write: Bad timer %d\n", n);
     }
 
-- 
1.7.1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] hw/arm_timer.c: Fix bounds check for Integrator timer accesses, Peter Maydell <=
- Re: [Qemu-devel] [PATCH] hw/arm_timer.c: Fix bounds check for Integrator timer accesses, Anthony Liguori, 2011/11/11

Prev by Date: Re: [Qemu-devel] [ICON] QEMU Mascot Contest v.2
Next by Date: Re: [Qemu-devel] Long QEMU main loop pauses during migration (to file) under heavy load
Previous by thread: [Qemu-devel] Long QEMU main loop pauses during migration (to file) under heavy load
Next by thread: Re: [Qemu-devel] [PATCH] hw/arm_timer.c: Fix bounds check for Integrator timer accesses
Index(es):
- Date
- Thread