From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:52608)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1ROx3x-0007jc-Ax
	for qemu-devel@nongnu.org; Fri, 11 Nov 2011 14:47:01 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1ROx3v-0002Hl-TE
	for qemu-devel@nongnu.org; Fri, 11 Nov 2011 14:46:57 -0500
Received: from mail-iy0-f173.google.com ([209.85.210.173]:35059)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1ROx3v-0001is-NU
	for qemu-devel@nongnu.org; Fri, 11 Nov 2011 14:46:55 -0500
Received: by mail-iy0-f173.google.com with SMTP id k32so5202243iak.4
	for <qemu-devel@nongnu.org>; Fri, 11 Nov 2011 11:46:35 -0800 (PST)
Message-ID: <4EBD7B98.2010006@codemonkey.ws>
Date: Fri, 11 Nov 2011 13:46:32 -0600
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
References: <1321018215-13754-1-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1321018215-13754-1-git-send-email-peter.maydell@linaro.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] hw/arm_timer.c: Fix bounds check for
 Integrator timer accesses
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, patches@linaro.org

On 11/11/2011 07:30 AM, Peter Maydell wrote:
> There are only three counter/timers on the integrator board:
> correct the bounds check to avoid an array overrun. (Spotted
> by Coverity, see bug 887883).
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>

Applied.  Thanks.

Regards,

Anthony Liguori

> ---
>   hw/arm_timer.c |    4 ++--
>   1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/arm_timer.c b/hw/arm_timer.c
> index 09a4b24..66db81d 100644
> --- a/hw/arm_timer.c
> +++ b/hw/arm_timer.c
> @@ -269,7 +269,7 @@ static uint64_t icp_pit_read(void *opaque, target_phys_addr_t offset,
>
>       /* ??? Don't know the PrimeCell ID for this device.  */
>       n = offset>>  8;
> -    if (n>  3) {
> +    if (n>  2) {
>           hw_error("sp804_read: Bad timer %d\n", n);
>       }
>
> @@ -283,7 +283,7 @@ static void icp_pit_write(void *opaque, target_phys_addr_t offset,
>       int n;
>
>       n = offset>>  8;
> -    if (n>  3) {
> +    if (n>  2) {
>           hw_error("sp804_write: Bad timer %d\n", n);
>       }
>