qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCHv3 1/2] sun4m: Add Sun CG3 framebuffer and corres

From: Mark Cave-Ayland
Subject: Re: [Qemu-devel] [PATCHv3 1/2] sun4m: Add Sun CG3 framebuffer and corresponding OpenBIOS FCode ROM
Date: Thu, 08 May 2014 15:44:44 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131103 Icedove/17.0.10 
On 07/05/14 20:56, Paolo Bonzini wrote:


Il 05/03/2014 11:05, Paolo Bonzini ha scritto:

Il 19/02/2014 10:05, Mark Cave-Ayland ha scritto:

+#define CG3_REG_SIZE            0x20
+
+#define CG3_REG_FBC_CTRL        0x10
+#define CG3_REG_FBC_STATUS      0x11
+#define CG3_REG_FBC_CURSTART    0x12
+#define CG3_REG_FBC_CUREND      0x13
+#define CG3_REG_FBC_VCTRL       0x14
+
+typedef struct CG3State {

...


+    uint8_t regs[16];


...


+    case CG3_REG_FBC_CURSTART ... CG3_REG_SIZE:
+        val = s->regs[addr - 0x10];
+        break;
+    default:


Something weird here, you can access regs[16] if addr == CG3_REG_SIZE.

The same happens in the write path.


Ping.  I cannot fix it without access to the datasheet, though I suspect
you want CG3_REG_SIZE - 1.


Hi Paolo,
Sorry I didn't think you could access regs[16] since the MemoryRegion size is set to CG3_REG_SIZE too (and so I hope should only handle accesses from 0 to CG3_REG_SIZE - 1).
Anyway, I've quickly tried a Solaris 8 boot test replacing CG3_REG_SIZE with CG3_REG_SIZE - 1 for the case statements in both the read and write paths and everything still works, so happy for you to go ahead and fix it. 


ATB,

Mark.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]