| Message ID | 1346490743-9652-1-git-send-email-sw@weilnetz.de |
|---|---|
| State | Accepted |
| Headers | show |
Thanks Stefan, Please enqueue to Trivial. Regards, Peter On Sat, Sep 1, 2012 at 7:12 PM, Stefan Weil <sw@weilnetz.de> wrote: > Report from smatch: > hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18 > > This fixes read access to s->r[R_MAX] which is behind the limits of s->r. > > Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com> > --- > hw/cadence_uart.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/cadence_uart.c b/hw/cadence_uart.c > index d98e531..f8afc4e 100644 > --- a/hw/cadence_uart.c > +++ b/hw/cadence_uart.c > @@ -404,7 +404,7 @@ static uint64_t uart_read(void *opaque, target_phys_addr_t offset, > uint32_t c = 0; > > offset >>= 2; > - if (offset > R_MAX) { > + if (offset >= R_MAX) { > return 0; > } else if (offset == R_TX_RX) { > uart_read_rx_fifo(s, &c); > -- > 1.7.10 >
On Sat, Sep 01, 2012 at 11:12:23AM +0200, Stefan Weil wrote: > Report from smatch: > hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18 > > This fixes read access to s->r[R_MAX] which is behind the limits of s->r. > > Signed-off-by: Stefan Weil <sw@weilnetz.de> > --- > hw/cadence_uart.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Thanks, applied to the trivial patches tree: https://github.com/stefanha/qemu/commits/trivial-patches Stefan
diff --git a/hw/cadence_uart.c b/hw/cadence_uart.c index d98e531..f8afc4e 100644 --- a/hw/cadence_uart.c +++ b/hw/cadence_uart.c @@ -404,7 +404,7 @@ static uint64_t uart_read(void *opaque, target_phys_addr_t offset, uint32_t c = 0; offset >>= 2; - if (offset > R_MAX) { + if (offset >= R_MAX) { return 0; } else if (offset == R_TX_RX) { uart_read_rx_fifo(s, &c);
Report from smatch: hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18 This fixes read access to s->r[R_MAX] which is behind the limits of s->r. Signed-off-by: Stefan Weil <sw@weilnetz.de> --- hw/cadence_uart.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)