From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42102) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WkEgH-0007y9-EO for qemu-devel@nongnu.org; Tue, 13 May 2014 11:31:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WkEgG-00068r-9x for qemu-devel@nongnu.org; Tue, 13 May 2014 11:31:49 -0400 Received: from mnementh.archaic.org.uk ([2001:8b0:1d0::1]:48125) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WkEgG-00066p-4D for qemu-devel@nongnu.org; Tue, 13 May 2014 11:31:48 -0400 From: Peter Maydell Date: Tue, 13 May 2014 16:31:39 +0100 Message-Id: <1399995099-26635-18-git-send-email-peter.maydell@linaro.org> In-Reply-To: <1399995099-26635-1-git-send-email-peter.maydell@linaro.org> References: <1399995099-26635-1-git-send-email-peter.maydell@linaro.org> Subject: [Qemu-devel] [PULL 17/17] hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Anthony Liguori Cc: qemu-devel@nongnu.org In fill_prefetch_fifo(), if the device we are reading from is 16 bit, then we must not try to transfer an odd number of bytes into the FIFO. This could otherwise have resulted in our overrunning the prefetch.fifo array by one byte. Signed-off-by: Peter Maydell Reviewed-by: Peter Crosthwaite --- hw/misc/omap_gpmc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c index 2047274..cddea24 100644 --- a/hw/misc/omap_gpmc.c +++ b/hw/misc/omap_gpmc.c @@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s) if (bytes > s->prefetch.count) { bytes = s->prefetch.count; } + if (is16bit) { + bytes &= ~1; + } + s->prefetch.count -= bytes; s->prefetch.fifopointer += bytes; fptr = 64 - s->prefetch.fifopointer; -- 1.9.2
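Review bot: In the fill_prefetch_fifo() hunk, the new `if (is16bit) { bytes &= ~1; }` runs after `bytes` has been clamped to `s->prefetch.count`. For an odd count on a 16-bit device, the last byte is therefore never consumed by this path. When `s->prefetch.count` is 1, `bytes` becomes 0, and `s->prefetch.count -= bytes` leaves the count at 1 on every call. Please confirm that a caller cannot spin or wait on the count reaching zero in that state, or handle the odd remainder explicitly, for example by rounding the count down for 16-bit devices when the transfer is programmed. A short comment above the mask would also help: the commit message explains that a 16-bit device must not transfer an odd number of bytes and that the overrun was one byte past `prefetch.fifo`, but the code itself gives no reason for the mask.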