qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCHv3 1/2] sun4m: Add Sun CG3 framebuffer and corres

From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCHv3 1/2] sun4m: Add Sun CG3 framebuffer and corresponding OpenBIOS FCode ROM
Date: Wed, 07 May 2014 21:56:00 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 
Il 05/03/2014 11:05, Paolo Bonzini ha scritto:

Il 19/02/2014 10:05, Mark Cave-Ayland ha scritto:

+#define CG3_REG_SIZE            0x20
+
+#define CG3_REG_FBC_CTRL        0x10
+#define CG3_REG_FBC_STATUS      0x11
+#define CG3_REG_FBC_CURSTART    0x12
+#define CG3_REG_FBC_CUREND      0x13
+#define CG3_REG_FBC_VCTRL       0x14
+
+typedef struct CG3State {

...


+    uint8_t regs[16];


...


+    case CG3_REG_FBC_CURSTART ... CG3_REG_SIZE:
+        val = s->regs[addr - 0x10];
+        break;
+    default:


Something weird here, you can access regs[16] if addr == CG3_REG_SIZE.

The same happens in the write path.
Ping. I cannot fix it without access to the datasheet, though I suspect you want CG3_REG_SIZE - 1. 

Paolo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]