From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:55561) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bwQzS-0004sw-QQ for qemu-devel@nongnu.org; Tue, 18 Oct 2016 05:47:23 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bwQzS-00059k-45 for qemu-devel@nongnu.org; Tue, 18 Oct 2016 05:47:22 -0400 From: P J P Date: Tue, 18 Oct 2016 15:17:05 +0530 Message-Id: <1476784025-27293-1-git-send-email-ppandit@redhat.com> Subject: [Qemu-devel] [PATCH] char: cadence: check divider against baud rate List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Qemu Developers Cc: "Edgar E . Iglesias" , Huawei PSIRT , Alistair Francis , qemu-arm@nongnu.org, Prasad J Pandit From: Prasad J Pandit The Cadence UART device emulator calculates speed by dividing the baud rate by a divider. If this divider was to be zero or if baud rate was to be lesser than the divider, it could lead to a divide by zero error. Add check to avoid it. Reported-by: Huawei PSIRT Signed-off-by: Prasad J Pandit --- hw/char/cadence_uart.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c index e3bc52f..b18dd7f 100644 --- a/hw/char/cadence_uart.c +++ b/hw/char/cadence_uart.c @@ -170,6 +170,10 @@ static void uart_parameters_setup(CadenceUARTState *s) baud_rate = (s->r[R_MR] & UART_MR_CLKS) ? UART_INPUT_CLK / 8 : UART_INPUT_CLK; + if (!s->r[R_BRGR] || !(s->r[R_BDIV] + 1) + || baud_rate < (s->r[R_BRGR] * (s->r[R_BDIV] + 1))) { + return; + } ssp.speed = baud_rate / (s->r[R_BRGR] * (s->r[R_BDIV] + 1)); packet_size = 1; -- 2.7.4
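Review bot: The third clause of the added `if` in uart_parameters_setup(), and the division right after it, both evaluate `s->r[R_BRGR] * (s->r[R_BDIV] + 1)` in the width of the register array, so the guard misses the case where that product wraps. Assuming the `r[]` elements are unsigned 32-bit values (their declaration is not in this hunk), two non-zero factors whose product is a multiple of 2^32 give 0. Both `!s->r[R_BRGR]` and `!(s->r[R_BDIV] + 1)` are then false, the `baud_rate <` comparison against 0 does not fire, and the division still faults. Compute the divisor once into a 64-bit local, reject it when it is zero or greater than `baud_rate`, and divide by that same local. Alternatively, mask both registers to their defined field widths where they are written so the product cannot overflow. Two smaller points: the `baud_rate <` case yields a speed of 0 rather than a fault at this division, so a comment saying why it is rejected here would help; and the early `return` skips the rest of the setup without any trace, so a guest-error log line before it would make a misprogrammed divider visible.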