From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from [140.186.70.92] (port=49314 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PjrIb-0004gb-5T for qemu-devel@nongnu.org; Mon, 31 Jan 2011 05:47:58 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1PjrDQ-0000H8-8c for qemu-devel@nongnu.org; Mon, 31 Jan 2011 05:42:37 -0500
Received: from mnementh.archaic.org.uk ([81.2.115.146]:11244) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1PjrDQ-0000Gw-1y for qemu-devel@nongnu.org; Mon, 31 Jan 2011 05:42:36 -0500
From: Peter Maydell
Date: Mon, 31 Jan 2011 10:42:26 +0000
Message-Id: <1296470546-16488-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH] hw/slavio_intctl.c: fix gcc warning about array bounds overrun
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: qemu-devel@nongnu.org
Cc: Blue Swirl , patches@linaro.org

The Ubuntu 10.10 gcc for ARM complains that we might be overrunning the
cpu_irqs[][] array: silence this by correcting the bounds on the loop.
(In fact we would not have overrun the array because bit MAX_PILS in
pil_pending and irl_out will always be 0.)

Also add a comment about why the loop's lower bound is OK.

Signed-off-by: Peter Maydell
---
I've tested that with this change we still boot the sparc Debian image from
http://people.debian.org/~aurel32/qemu/sparc/ and the change makes sense
according to my understanding of
http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt

 hw/slavio_intctl.c | 7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/hw/slavio_intctl.c b/hw/slavio_intctl.c
index fd69354..a83e5b8 100644
--- a/hw/slavio_intctl.c
+++ b/hw/slavio_intctl.c
@@ -289,7 +289,12 @@ static void slavio_check_interrupts(SLAVIO_INTCTLState *s, int set_irqs) pil_pending |= (s->slaves[i].intreg_pending & CPU_SOFTIRQ_MASK) >> 16; if (set_irqs) { - for (j = MAX_PILS; j > 0; j--) { + /* Since there is not really an interrupt 0 (and pil_pending + * and irl_out bit zero are thus always zero) there is no need + * to do anything with cpu_irqs[i][0] and it is OK not to do + * the j=0 iteration of this loop. + */ + for (j = MAX_PILS-1; j > 0; j--) { if (pil_pending & (1 << j)) { if (!(s->slaves[i].irl_out & (1 << j))) { qemu_irq_raise(s->cpu_irqs[i][j]); -- 1.7.1
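Review bot: The new comment justifies skipping the j=0 iteration, but the bound that actually changes in this hunk is the upper one, and nothing in the code explains it: with `for (j = MAX_PILS; j > 0; j--)` the first iteration indexes `cpu_irqs[i][MAX_PILS]`, one past the last element of an array with MAX_PILS entries, which is exactly the overrun gcc flags, and it is only unreachable because bit MAX_PILS of `pil_pending` is never set (per the commit message, not visible here). Suggest a second sentence in the comment stating that `cpu_irqs[i]` holds MAX_PILS entries so `MAX_PILS - 1` is the highest valid index, so the invariant does not have to be rediscovered from the commit log; that also keeps the loop safe if `pil_pending` is ever fed from a wider source. Minor style point: QEMU spaces binary operators, so `for (j = MAX_PILS - 1; j > 0; j--)` rather than `MAX_PILS-1`.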