From: Peter Maydell
Date: Mon, 24 Sep 2012 19:33:11 +0100
Message-Id: <1348511595-13327-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH 0/4] ds1338 I2C RTC+NVRAM: various fixes
To: qemu-devel@nongnu.org
Cc: patches@linaro.org

Clang's static analyzer drew my attention to the mishandling of the register pointer in ds1338_send(); one thing led to another and I fixed a few other things while I was there.

There seems a reasonable chance that the overrun of nvram[] is guest-exploitable, but I assume nobody treats realview or versatilepb models as a security boundary...

Peter Maydell (4):
  hw/ds1338: Fix mishandling of register pointer
  hw/ds1338: Recapture current time when register pointer wraps around
  hw/ds1338: Remove 'now' field from state struct
  hw/ds1338: Implement state save/restore

 hw/ds1338.c | 123 +++++++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 86 insertions(+), 37 deletions(-)

-- 
1.7.9.5