From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:35685) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1S5gR3-0002xP-To for qemu-devel@nongnu.org; Thu, 08 Mar 2012 11:43:31 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1S5gQk-00063x-Dd for qemu-devel@nongnu.org; Thu, 08 Mar 2012 11:43:25 -0500
Received: from mail-pz0-f45.google.com ([209.85.210.45]:36142) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1S5gQk-00063Y-7i for qemu-devel@nongnu.org; Thu, 08 Mar 2012 11:43:06 -0500
Received: by dadp14 with SMTP id p14so713390dad.4 for ; Thu, 08 Mar 2012 08:43:04 -0800 (PST)
Message-ID: <4F58E193.2040806@codemonkey.ws>
Date: Thu, 08 Mar 2012 10:42:59 -0600
From: Anthony Liguori
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [Qemu-devel] [PATCH v9 4/4] xilinx_zynq: machine model initial version
To: "Peter A. G. Crosthwaite"
Cc: peter.maydell@linaro.org, monstr@monstr.eu, qemu-devel@nongnu.org, paul@codesourcery.com, duyl@xilinx.com, linnj@xilinx.com, edgar.iglesias@gmail.com, afaerber@suse.de, john.williams@petalogix.com

On 03/04/2012 10:39 PM, Peter A. G. Crosthwaite wrote:
> Xilinx zynq-7000 machine model. Also includes device model for the zynq-specific
> system level control register (SLCR) module.
>
> Signed-off-by: Peter A. G. Crosthwaite
> Acked-by: Edgar E. Iglesias

This breaks the build for me:

cc1: warnings being treated as errors
/home/anthony/git/qemu/hw/zynq_slcr.c: In function ‘zynq_slcr_read’:
/home/anthony/git/qemu/hw/zynq_slcr.c:314:25: error: array subscript is above array bounds
/home/anthony/git/qemu/hw/zynq_slcr.c: In function ‘zynq_slcr_write’:
/home/anthony/git/qemu/hw/zynq_slcr.c:457:22: error: array subscript is above array bounds
make[1]: *** [zynq_slcr.o] Error 1

> + case 0xA60 ... 0xA8C:
> + s->afi[0][(offset - 0x700) / 4] = val;
> + break;

And GCC is definitely right here. This will pretty clearly overflow the array if offset is any of the allowable values per the switch statement.

Regards,

Anthony Liguori
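
Review bot: in the `case 0xA60 ... 0xA8C` arm, the subscript `(offset - 0x700) / 4` subtracts 0x700 instead of the base of the case range, so for the offsets this arm accepts it evaluates to 216 through 227 rather than starting at 0. Subtracting 0xA60 yields a word index of 0 through 11; because the first subscript is fixed at 0, also confirm that the second dimension of `afi` holds 12 entries, or split the word index into a row and a column. GCC reports the same error in zynq_slcr_read, so the read path likely needs the matching change.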