| Message ID | 1476800269-31902-1-git-send-email-ppandit@redhat.com |
|---|---|
| State | New |
| Headers | show |
On 18 October 2016 at 15:17, P J P <ppandit@redhat.com> wrote: > From: Prasad J Pandit <pjp@fedoraproject.org> > > The STM32F2XX Timer emulator uses a 16 bit prescaler value to > limit the timer clock rate. It does that by dividing the timer > frequency. If the prescaler 's->tim_psc' was set to be UINT_MAX, > it'd lead to divide by zero error. Limit prescaler value to 16 > bits to avoid it. > > Reported-by: Huawei PSIRT <psirt@huawei.com> > Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> > --- > hw/timer/stm32f2xx_timer.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/timer/stm32f2xx_timer.c b/hw/timer/stm32f2xx_timer.c > index bf0fb28..2cad36d 100644 > --- a/hw/timer/stm32f2xx_timer.c > +++ b/hw/timer/stm32f2xx_timer.c > @@ -208,7 +208,7 @@ static void stm32f2xx_timer_write(void *opaque, hwaddr offset, > return; > case TIM_PSC: > timer_val = stm32f2xx_ns_to_ticks(s, now) - s->tick_offset; > - s->tim_psc = value; > + s->tim_psc = value & 0xFFFF; > value = timer_val; > break; > case TIM_CNT: Applied to target-arm.next, thanks. (That "value = timer_val;" line looks odd as it is dead code, but that's a different bug I think. Alistair, can you remember what you meant when you wrote that?) -- PMM
diff --git a/hw/timer/stm32f2xx_timer.c b/hw/timer/stm32f2xx_timer.c index bf0fb28..2cad36d 100644 --- a/hw/timer/stm32f2xx_timer.c +++ b/hw/timer/stm32f2xx_timer.c @@ -208,7 +208,7 @@ static void stm32f2xx_timer_write(void *opaque, hwaddr offset, return; case TIM_PSC: timer_val = stm32f2xx_ns_to_ticks(s, now) - s->tick_offset; - s->tim_psc = value; + s->tim_psc = value & 0xFFFF; value = timer_val; break; case TIM_CNT: