| Message ID | 1399574818-19349-9-git-send-email-peter.maydell@linaro.org |
|---|---|
| State | New |
| Headers | show |
On Fri, May 9, 2014 at 4:46 AM, Peter Maydell <peter.maydell@linaro.org> wrote: > In fill_prefetch_fifo(), if the device we are reading from is 16 bit, > then we must not try to transfer an odd number of bytes into the FIFO. > This could otherwise have resulted in our overrunning the prefetch.fifo > array by one byte. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> > --- > Spotted by Coverity. I suspect Coverity is not smart enough > to figure out that this change really does prevent the overrun, > though :-( > --- > hw/misc/omap_gpmc.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c > index 2047274..cddea24 100644 > --- a/hw/misc/omap_gpmc.c > +++ b/hw/misc/omap_gpmc.c > @@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s) > if (bytes > s->prefetch.count) { > bytes = s->prefetch.count; > } > + if (is16bit) { > + bytes &= ~1; > + } > + > s->prefetch.count -= bytes; > s->prefetch.fifopointer += bytes; > fptr = 64 - s->prefetch.fifopointer; > -- > 1.9.2 > >
diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c index 2047274..cddea24 100644 --- a/hw/misc/omap_gpmc.c +++ b/hw/misc/omap_gpmc.c @@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s) if (bytes > s->prefetch.count) { bytes = s->prefetch.count; } + if (is16bit) { + bytes &= ~1; + } + s->prefetch.count -= bytes; s->prefetch.fifopointer += bytes; fptr = 64 - s->prefetch.fifopointer;
In fill_prefetch_fifo(), if the device we are reading from is 16 bit, then we must not try to transfer an odd number of bytes into the FIFO. This could otherwise have resulted in our overrunning the prefetch.fifo array by one byte. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- Spotted by Coverity. I suspect Coverity is not smart enough to figure out that this change really does prevent the overrun, though :-( --- hw/misc/omap_gpmc.c | 4 ++++ 1 file changed, 4 insertions(+)