diff mbox

[04/14] cadence_uart: Fix buffer overflow

Message ID 1348394420-28298-5-git-send-email-stefanha@gmail.com
State New
Headers show

Commit Message

Stefan Hajnoczi Sept. 23, 2012, 10 a.m. UTC 
From: Stefan Weil <sw@weilnetz.de>

Report from smatch:
hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18

This fixes read access to s->r[R_MAX] which is behind the limits of s->r.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
---
 hw/cadence_uart.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox

Patch

diff --git a/hw/cadence_uart.c b/hw/cadence_uart.c
index d98e531..f8afc4e 100644
--- a/hw/cadence_uart.c
+++ b/hw/cadence_uart.c
@@ -404,7 +404,7 @@  static uint64_t uart_read(void *opaque, target_phys_addr_t offset,
     uint32_t c = 0;
 
     offset >>= 2;
-    if (offset > R_MAX) {
+    if (offset >= R_MAX) {
         return 0;
     } else if (offset == R_TX_RX) {
         uart_read_rx_fifo(s, &c);