qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [Qemu-arm] [PATCH] char: cadence: check divider against

From: Peter Maydell
Subject: Re: [Qemu-devel] [Qemu-arm] [PATCH] char: cadence: check divider against baud rate
Date: Tue, 18 Oct 2016 10:50:05 +0100 
On 18 October 2016 at 10:47, P J P <address@hidden> wrote:
> From: Prasad J Pandit <address@hidden>
>
> The Cadence UART device emulator calculates speed by dividing the
> baud rate by a divider. If this divider was to be zero or if baud
> rate was to be lesser than the divider, it could lead to a divide
> by zero error. Add check to avoid it.
>
> Reported-by: Huawei PSIRT <address@hidden>
> Signed-off-by: Prasad J Pandit <address@hidden>
> ---
>  hw/char/cadence_uart.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
> index e3bc52f..b18dd7f 100644
> --- a/hw/char/cadence_uart.c
> +++ b/hw/char/cadence_uart.c
> @@ -170,6 +170,10 @@ static void uart_parameters_setup(CadenceUARTState *s)
>      baud_rate = (s->r[R_MR] & UART_MR_CLKS) ?
>              UART_INPUT_CLK / 8 : UART_INPUT_CLK;
>
> +    if (!s->r[R_BRGR] || !(s->r[R_BDIV] + 1)
> +        || baud_rate < (s->r[R_BRGR] * (s->r[R_BDIV] + 1))) {
> +        return;
> +    }
>      ssp.speed = baud_rate / (s->r[R_BRGR] * (s->r[R_BDIV] + 1));
>      packet_size = 1;

It seems really unlikely that early return here is the correct thing, since
it will result in our not correctly setting a bunch of the other
stuff done later in this function that's unrelated to baud rate.
What does the datasheet for this UART specify for this situation?

thanks
-- PMM
reply via email to
[Prev in Thread] Current Thread [Next in Thread]