From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=36152 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Pe9TS-00045A-N6
	for qemu-devel@nongnu.org; Sat, 15 Jan 2011 11:59:39 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefan@weilnetz.de>) id 1Pe9TQ-0005BA-En
	for qemu-devel@nongnu.org; Sat, 15 Jan 2011 11:59:34 -0500
Received: from moutng.kundenserver.de ([212.227.126.186]:58420)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefan@weilnetz.de>) id 1Pe9TQ-0005A1-4R
	for qemu-devel@nongnu.org; Sat, 15 Jan 2011 11:59:32 -0500
From: Stefan Weil <weil@mail.berlios.de>
Date: Sat, 15 Jan 2011 17:59:20 +0100
Message-Id: <1295110760-13162-1-git-send-email-weil@mail.berlios.de>
Subject: [Qemu-devel] [PATCH] hw/fmopl: Fix buffer access out-of-bounds
	errors
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: QEMU Developers <qemu-devel@nongnu.org>
Cc: Blue Swirl <blauwirbel@gmail.com>

Index 75 is one too large for AR_TABLE[75], DR_TABLE[75].
This error was reported by cppcheck.

hw/fmopl.c:600: error: Buffer access out-of-bounds: OPL.AR_TABLE
hw/fmopl.c:601: error: Buffer access out-of-bounds: OPL.DR_TABLE

Fix this by limiting the access to the allowed range.
MultiArcadeMachineEmulator has newer versions of fmopl,
but using these requires more efforts.

Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
---
 hw/fmopl.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/hw/fmopl.c b/hw/fmopl.c
index 3df1806..d8a0f36 100644
--- a/hw/fmopl.c
+++ b/hw/fmopl.c
@@ -45,6 +45,10 @@
 #define PI 3.14159265358979323846
 #endif
 
+#ifndef ARRAY_SIZE
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+#endif
+
 /* -------------------- for debug --------------------- */
 /* #define OPL_OUTPUT_LOG */
 #ifdef OPL_OUTPUT_LOG
@@ -595,7 +599,7 @@ static void init_timetables( FM_OPL *OPL , int ARRATE , int DRRATE )
 		OPL->AR_TABLE[i] = rate / ARRATE;
 		OPL->DR_TABLE[i] = rate / DRRATE;
 	}
-	for (i = 60;i < 76;i++)
+	for (i = 60; i < ARRAY_SIZE(OPL->AR_TABLE); i++)
 	{
 		OPL->AR_TABLE[i] = EG_AED-1;
 		OPL->DR_TABLE[i] = OPL->DR_TABLE[60];
-- 
1.7.2.3