[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 39/43] hw/display/tc6393xb: limit irq handler index t
|
From: |
Peter Maydell |
|
Subject: |
[Qemu-devel] [PULL 39/43] hw/display/tc6393xb: limit irq handler index to TC6393XB_GPIOS |
|
Date: |
Wed, 13 Dec 2017 18:12:37 +0000 |
From: Prasad J Pandit <address@hidden>
The ctz32() routine could return a value greater than
TC6393XB_GPIOS=16, because the device has 24 GPIO level
bits but we only implement 16 outgoing lines. This could
lead to an OOB array access. Mask 'level' to avoid it.
Reported-by: Moguofang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
---
hw/display/tc6393xb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/display/tc6393xb.c b/hw/display/tc6393xb.c
index 74d10af..0ae6360 100644
--- a/hw/display/tc6393xb.c
+++ b/hw/display/tc6393xb.c
@@ -172,6 +172,7 @@ static void tc6393xb_gpio_handler_update(TC6393xbState *s)
int bit;
level = s->gpio_level & s->gpio_dir;
+ level &= MAKE_64BIT_MASK(0, TC6393XB_GPIOS);
for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
bit = ctz32(diff);
--
2.7.4
- [Qemu-devel] [PULL 34/43] target/arm: Ignore fsr from get_phys_addr() in do_ats_write(), (continued)
- [Qemu-devel] [PULL 34/43] target/arm: Ignore fsr from get_phys_addr() in do_ats_write(), Peter Maydell, 2017/12/13
- [Qemu-devel] [PULL 32/43] target/arm: Convert get_phys_addr_pmsav8() to not return FSC values, Peter Maydell, 2017/12/13
- [Qemu-devel] [PULL 35/43] target/arm: Remove fsr argument from get_phys_addr() and arm_tlb_fill(), Peter Maydell, 2017/12/13
- [Qemu-devel] [PULL 19/43] target/arm: Allow explicit writes to CONTROL.SPSEL in Handler mode, Peter Maydell, 2017/12/13
- [Qemu-devel] [PULL 37/43] nvic: Make nvic_sysreg_ns_ops work with any MemoryRegion, Peter Maydell, 2017/12/13
- [Qemu-devel] [PULL 40/43] MAINTAINERS: replace the unavailable email address, Peter Maydell, 2017/12/13
- [Qemu-devel] [PULL 41/43] xilinx_spips: Update the QSPI Mod ID reset value, Peter Maydell, 2017/12/13
- [Qemu-devel] [PULL 42/43] xilinx_spips: Set all of the reset values, Peter Maydell, 2017/12/13
- [Qemu-devel] [PULL 33/43] target/arm: Use ARMMMUFaultInfo in deliver_fault(), Peter Maydell, 2017/12/13
- [Qemu-devel] [PULL 36/43] target/arm: Extend PAR format determination, Peter Maydell, 2017/12/13
- [Qemu-devel] [PULL 39/43] hw/display/tc6393xb: limit irq handler index to TC6393XB_GPIOS,
Peter Maydell <=
- [Qemu-devel] [PULL 38/43] nvic: Make systick banked, Peter Maydell, 2017/12/13
- [Qemu-devel] [PULL 43/43] xilinx_spips: Use memset instead of a for loop to zero registers, Peter Maydell, 2017/12/13
- Re: [Qemu-devel] [PULL 00/43] target-arm queue, Peter Maydell, 2017/12/14