From patchwork Sat Jan  8 18:25:35 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Blue Swirl <blauwirbel@gmail.com>
X-Patchwork-Id: 77977
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [199.232.76.165])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 0C88EB7063
	for <incoming@patchwork.ozlabs.org>;
	Sun,  9 Jan 2011 05:34:43 +1100 (EST)
Received: from localhost ([127.0.0.1]:58033 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Pbdcc-0003J3-1C
	for incoming@patchwork.ozlabs.org; Sat, 08 Jan 2011 13:34:38 -0500
Received: from [140.186.70.92] (port=48410 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PbdUI-0007C5-Ae
	for qemu-devel@nongnu.org; Sat, 08 Jan 2011 13:26:05 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <blauwirbel@gmail.com>) id 1PbdUC-000751-Hw
	for qemu-devel@nongnu.org; Sat, 08 Jan 2011 13:26:01 -0500
Received: from mail-px0-f173.google.com ([209.85.212.173]:36428)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <blauwirbel@gmail.com>) id 1PbdUC-00073T-C5
	for qemu-devel@nongnu.org; Sat, 08 Jan 2011 13:25:56 -0500
Received: by mail-px0-f173.google.com with SMTP id 16so3870619pxi.4
	for <qemu-devel@nongnu.org>; Sat, 08 Jan 2011 10:25:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:mime-version:received:from:date
	:message-id:subject:to:content-type;
	bh=mCe9czcWNONXttqtcOWCPLZ78p2JlwGRdRTlIFOe+VQ=;
	b=YZYisg7g6RHdQWfmWxF00m6pZrhWYIgP3to9n6vKl+z2gNqEItNTH/41KdHHsDtfXQ
	Dk4RhCPGQsz9qGm7JmJmdgxug8tSs6d5fUa5fs0x5HBo/dIu74crQScpz+1Nf9c0UUeV
	74/EtMheXG7DEACTIFkby0oZuHzfE98ua+gm0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:from:date:message-id:subject:to:content-type;
	b=KKTojk9K3F+11j/XMvvNFgICHsiwMDI8La6gVwLrLkJjrPFtnWxULTq07DrWC/QBtq
	ka5d2LoEzaCFuuR5YZuIqCY8xRPIm+oV9ZM7XSJ1HInKJik+GFJSavjHmgoORxedYksu
	czcXc0NC4ta6k2BvDA014T6E8GA3H77SVvZkY=
Received: by 10.143.43.12 with SMTP id v12mr2773707wfj.344.1294511156004;
	Sat, 08 Jan 2011 10:25:56 -0800 (PST)
MIME-Version: 1.0
Received: by 10.142.241.1 with HTTP; Sat, 8 Jan 2011 10:25:35 -0800 (PST)
From: Blue Swirl <blauwirbel@gmail.com>
Date: Sat, 8 Jan 2011 18:25:35 +0000
Message-ID: <AANLkTi=mdJV_nSM8uNsjxcV98u-5J-gjaig5zoqdSheM@mail.gmail.com>
To: qemu-devel <qemu-devel@nongnu.org>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
Subject: [Qemu-devel] [PATCH 7/7] ppc405_uc: fix a buffer overflow
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Fix a buffer overflow, reported by cppcheck:
[/src/qemu/hw/ppc405_uc.c:72]: (error) Buffer access out-of-bounds:
bd.bi_s_version

The use of field bi_s_version seems to be a typo, it should be
bi_r_version.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
---
 hw/ppc405_uc.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

     for (i = 0; i < 6; i++)

diff --git a/hw/ppc405_uc.c b/hw/ppc405_uc.c
index 8136cb9..334187e 100644
--- a/hw/ppc405_uc.c
+++ b/hw/ppc405_uc.c
@@ -68,8 +68,9 @@ ram_addr_t ppc405_set_bootinfo (CPUState *env,
ppc4xx_bd_info_t *bd,
     stl_phys(bdloc + 0x34, bd->bi_baudrate);
     for (i = 0; i < 4; i++)
         stb_phys(bdloc + 0x38 + i, bd->bi_s_version[i]);
-    for (i = 0; i < 32; i++)
-        stb_phys(bdloc + 0x3C + i, bd->bi_s_version[i]);
+    for (i = 0; i < 32; i++) {
+        stb_phys(bdloc + 0x3C + i, bd->bi_r_version[i]);
+    }
     stl_phys(bdloc + 0x5C, bd->bi_plb_busfreq);
     stl_phys(bdloc + 0x60, bd->bi_pci_busfreq);