From patchwork Fri Sep 30 03:52:50 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Liu Yu-B13201 X-Patchwork-Id: 117034 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [140.186.70.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id D1A011007D6 for ; Fri, 30 Sep 2011 15:30:45 +1000 (EST) Received: from localhost ([::1]:54288 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R9VgJ-0003wp-1H for incoming@patchwork.ozlabs.org; Fri, 30 Sep 2011 01:30:43 -0400 Received: from eggs.gnu.org ([140.186.70.92]:41609) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R9VgC-0003w2-Go for qemu-devel@nongnu.org; Fri, 30 Sep 2011 01:30:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1R9VgB-0004jj-El for qemu-devel@nongnu.org; Fri, 30 Sep 2011 01:30:36 -0400 Received: from db3ehsobe004.messaging.microsoft.com ([213.199.154.142]:53233 helo=DB3EHSOBE004.bigfish.com) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R9Vg7-0004im-JV; Fri, 30 Sep 2011 01:30:32 -0400 Received: from mail49-db3-R.bigfish.com (10.3.81.250) by DB3EHSOBE004.bigfish.com (10.3.84.24) with Microsoft SMTP Server id 14.1.225.22; Fri, 30 Sep 2011 05:00:26 +0000 Received: from mail49-db3 (localhost.localdomain [127.0.0.1]) by mail49-db3-R.bigfish.com (Postfix) with ESMTP id 630BA16C00E3; Fri, 30 Sep 2011 05:00:26 +0000 (UTC) X-SpamScore: 0 X-BigFish: VS0(zzzz1202hzz8275bhz2dh2a8h668h839h64h) X-Forefront-Antispam-Report: CIP:70.37.183.190; KIP:(null); UIP:(null); IPVD:NLI; H:mail.freescale.net; RD:none; EFVD:NLI Received: from mail49-db3 (localhost.localdomain [127.0.0.1]) by mail49-db3 (MessageSwitch) id 1317358826199964_3935; Fri, 30 Sep 2011 05:00:26 +0000 (UTC) Received: from DB3EHSMHS017.bigfish.com (unknown [10.3.81.249]) by mail49-db3.bigfish.com (Postfix) with ESMTP id 2CE4913804F; Fri, 30 Sep 2011 05:00:26 +0000 (UTC) Received: from mail.freescale.net (70.37.183.190) by DB3EHSMHS017.bigfish.com (10.3.87.117) with Microsoft SMTP Server (TLS) id 14.1.225.22; Fri, 30 Sep 2011 05:00:25 +0000 Received: from az33smr01.freescale.net (10.64.34.199) by 039-SN1MMR1-001.039d.mgd.msft.net (10.84.1.13) with Microsoft SMTP Server id 14.1.323.7; Fri, 30 Sep 2011 00:00:23 -0500 Received: from localhost (rock.ap.freescale.net [10.193.20.106]) by az33smr01.freescale.net (8.13.1/8.13.0) with ESMTP id p8U50MBC004740; Fri, 30 Sep 2011 00:00:22 -0500 (CDT) From: Liu Yu To: Date: Fri, 30 Sep 2011 11:52:50 +0800 Message-ID: <1317354770-21531-2-git-send-email-yu.liu@freescale.com> X-Mailer: git-send-email 1.6.4 In-Reply-To: <1317354770-21531-1-git-send-email-yu.liu@freescale.com> References: <1317354770-21531-1-git-send-email-yu.liu@freescale.com> MIME-Version: 1.0 X-OriginatorOrg: freescale.com X-detected-operating-system: by eggs.gnu.org: Windows 2000 SP2+, XP SP1+ (seldom 98) X-Received-From: 213.199.154.142 Cc: Liu Yu , qemu-ppc@nongnu.org, qemu-devel@nongnu.org Subject: [Qemu-devel] [PATCH v2 2/2] ppc/e500_pci: Fix an array overflow issue X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org When access PPCE500_PCI_IW1 the previous index get overflow. The patch fix the issue and update all to keep consistent style. Signed-off-by: Liu Yu --- v2: also apply idx for outbound to keep consistent style. hw/ppce500_pci.c | 38 ++++++++++++++++++++++---------------- 1 files changed, 22 insertions(+), 16 deletions(-) diff --git a/hw/ppce500_pci.c b/hw/ppce500_pci.c index 0ece422..960a5d0 100644 --- a/hw/ppce500_pci.c +++ b/hw/ppce500_pci.c @@ -89,6 +89,7 @@ static uint32_t pci_reg_read4(void *opaque, target_phys_addr_t addr) PPCE500PCIState *pci = opaque; unsigned long win; uint32_t value = 0; + int idx; win = addr & 0xfe0; @@ -97,18 +98,19 @@ static uint32_t pci_reg_read4(void *opaque, target_phys_addr_t addr) case PPCE500_PCI_OW2: case PPCE500_PCI_OW3: case PPCE500_PCI_OW4: + idx = (addr >> 5) & 0x7; switch (addr & 0xC) { case PCI_POTAR: - value = pci->pob[(addr >> 5) & 0x7].potar; + value = pci->pob[idx].potar; break; case PCI_POTEAR: - value = pci->pob[(addr >> 5) & 0x7].potear; + value = pci->pob[idx].potear; break; case PCI_POWBAR: - value = pci->pob[(addr >> 5) & 0x7].powbar; + value = pci->pob[idx].powbar; break; case PCI_POWAR: - value = pci->pob[(addr >> 5) & 0x7].powar; + value = pci->pob[idx].powar; break; default: break; @@ -118,18 +120,19 @@ static uint32_t pci_reg_read4(void *opaque, target_phys_addr_t addr) case PPCE500_PCI_IW3: case PPCE500_PCI_IW2: case PPCE500_PCI_IW1: + idx = ((addr >> 5) & 0x3) - 1; switch (addr & 0xC) { case PCI_PITAR: - value = pci->pib[(addr >> 5) & 0x3].pitar; + value = pci->pib[idx].pitar; break; case PCI_PIWBAR: - value = pci->pib[(addr >> 5) & 0x3].piwbar; + value = pci->pib[idx].piwbar; break; case PCI_PIWBEAR: - value = pci->pib[(addr >> 5) & 0x3].piwbear; + value = pci->pib[idx].piwbear; break; case PCI_PIWAR: - value = pci->pib[(addr >> 5) & 0x3].piwar; + value = pci->pib[idx].piwar; break; default: break; @@ -160,6 +163,7 @@ static void pci_reg_write4(void *opaque, target_phys_addr_t addr, { PPCE500PCIState *pci = opaque; unsigned long win; + int idx; win = addr & 0xfe0; @@ -171,18 +175,19 @@ static void pci_reg_write4(void *opaque, target_phys_addr_t addr, case PPCE500_PCI_OW2: case PPCE500_PCI_OW3: case PPCE500_PCI_OW4: + idx = (addr >> 5) & 0x7; switch (addr & 0xC) { case PCI_POTAR: - pci->pob[(addr >> 5) & 0x7].potar = value; + pci->pob[idx].potar = value; break; case PCI_POTEAR: - pci->pob[(addr >> 5) & 0x7].potear = value; + pci->pob[idx].potear = value; break; case PCI_POWBAR: - pci->pob[(addr >> 5) & 0x7].powbar = value; + pci->pob[idx].powbar = value; break; case PCI_POWAR: - pci->pob[(addr >> 5) & 0x7].powar = value; + pci->pob[idx].powar = value; break; default: break; @@ -192,18 +197,19 @@ static void pci_reg_write4(void *opaque, target_phys_addr_t addr, case PPCE500_PCI_IW3: case PPCE500_PCI_IW2: case PPCE500_PCI_IW1: + idx = ((addr >> 5) & 0x3) - 1; switch (addr & 0xC) { case PCI_PITAR: - pci->pib[(addr >> 5) & 0x3].pitar = value; + pci->pib[idx].pitar = value; break; case PCI_PIWBAR: - pci->pib[(addr >> 5) & 0x3].piwbar = value; + pci->pib[idx].piwbar = value; break; case PCI_PIWBEAR: - pci->pib[(addr >> 5) & 0x3].piwbear = value; + pci->pib[idx].piwbear = value; break; case PCI_PIWAR: - pci->pib[(addr >> 5) & 0x3].piwar = value; + pci->pib[idx].piwar = value; break; default: break;