qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCHv3 1/2] sun4m: Add Sun CG3 framebuffer and corres


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCHv3 1/2] sun4m: Add Sun CG3 framebuffer and corresponding OpenBIOS FCode ROM
Date: Thu, 08 May 2014 16:49:18 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

Il 08/05/2014 16:44, Mark Cave-Ayland ha scritto:

+    case CG3_REG_FBC_CURSTART ... CG3_REG_SIZE:
+        val = s->regs[addr - 0x10];
+        break;
+    default:

Something weird here, you can access regs[16] if addr == CG3_REG_SIZE.

The same happens in the write path.

Ping.  I cannot fix it without access to the datasheet, though I suspect
you want CG3_REG_SIZE - 1.

Hi Paolo,

Sorry I didn't think you could access regs[16] since the MemoryRegion
size is set to CG3_REG_SIZE too (and so I hope should only handle
accesses from 0 to CG3_REG_SIZE - 1).

Anyway, I've quickly tried a Solaris 8 boot test replacing CG3_REG_SIZE
with CG3_REG_SIZE - 1 for the case statements in both the read and write
paths and everything still works, so happy for you to go ahead and fix it.

Ah okay so it's a false positive. But yes, it's better to fix it. I'll try to send a patch for qemu-trivial.

Paolo



reply via email to

[Prev in Thread] Current Thread [Next in Thread]