diff mbox series

hw/display/xlnx_dp: fix underflow in xlnx_dp_aux_pop_tx_fifo()

Message ID 20230105115338.442479-1-cyruscyliu@gmail.com
State New
Headers show
Series hw/display/xlnx_dp: fix underflow in xlnx_dp_aux_pop_tx_fifo() | expand

Commit Message

Qiang Liu Jan. 5, 2023, 11:53 a.m. UTC 
Fixes: 58ac482a66de ("introduce xlnx-dp")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1418
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
---
 hw/display/xlnx_dp.c | 4 ++++
 1 file changed, 4 insertions(+)
diff mbox series

Patch

diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
index 407518c870..322e2faadd 100644
--- a/hw/display/xlnx_dp.c
+++ b/hw/display/xlnx_dp.c
@@ -520,6 +520,10 @@  static void xlnx_dp_aux_set_command(XlnxDPState *s, uint32_t value)
     case WRITE_AUX:
     case WRITE_I2C:
     case WRITE_I2C_MOT:
+        if (nbytes > fifo8_num_used(&s->tx_fifo)) {
+            qemu_log_mask(LOG_GUEST_ERROR, "xlnx_dp: TX length > fifo data length");
+            nbytes = fifo8_num_used(&s->tx_fifo);
+        }
         for (i = 0; i < nbytes; i++) {
             buf[i] = xlnx_dp_aux_pop_tx_fifo(s);
         }