Patchwork [7/7] ppc405_uc: fix a buffer overflow

Submitter Blue Swirl
Date Jan. 8, 2011, 6:25 p.m.
Message ID <AANLkTi=mdJV_nSM8uNsjxcV98u-5J-gjaig5zoqdSheM@mail.gmail.com>
Permalink /patch/77977/
State New

Comments

Blue Swirl - Jan. 8, 2011, 6:25 p.m.
Fix a buffer overflow, reported by cppcheck:
[/src/qemu/hw/ppc405_uc.c:72]: (error) Buffer access out-of-bounds:
bd.bi_s_version

The use of field bi_s_version seems to be a typo; it should be
bi_r_version.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
---
 hw/ppc405_uc.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

     for (i = 0; i < 6; i++)

Patch

diff --git a/hw/ppc405_uc.c b/hw/ppc405_uc.c
index 8136cb9..334187e 100644
--- a/hw/ppc405_uc.c
+++ b/hw/ppc405_uc.c
@@ -68,8 +68,9 @@  ram_addr_t ppc405_set_bootinfo (CPUState *env,
ppc4xx_bd_info_t *bd,
     stl_phys(bdloc + 0x34, bd->bi_baudrate);
     for (i = 0; i < 4; i++)
         stb_phys(bdloc + 0x38 + i, bd->bi_s_version[i]);
-    for (i = 0; i < 32; i++)
-        stb_phys(bdloc + 0x3C + i, bd->bi_s_version[i]);
+    for (i = 0; i < 32; i++) {
+        stb_phys(bdloc + 0x3C + i, bd->bi_r_version[i]);
+    }
     stl_phys(bdloc + 0x5C, bd->bi_plb_busfreq);
     stl_phys(bdloc + 0x60, bd->bi_pci_busfreq);
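
Review bot: the bound in `for (i = 0; i < 32; i++)` is still a bare literal that has to agree by hand with the declared size of bi_r_version, and the hunk does not show that declaration. Consider deriving it from the field, e.g. `i < sizeof(bd->bi_r_version)`, and doing the same for the 4-iteration bi_s_version loop just above, so that the bound and the array being indexed are stated together and the kind of field/size mismatch that cppcheck flagged here cannot recur silently. The guest-side layout is consistent in the visible lines: 4 bytes at 0x38 end where the 32-byte copy begins at 0x3C, and that copy ends at 0x5B, directly before the store to 0x5C. Minor style point: the fixed loop gains braces while the adjacent 4-iteration loop stays unbraced; either leave both alone or brace both in a separate cleanup.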