Re: [Qemu-devel] [PATCH] cadence_uart: Fix buffer overflow

Peter Crosthwaite Mon, 03 Sep 2012 21:40:30 -0700

Thanks Stefan,

Please enqueue to Trivial.


Regards,
Peter

On Sat, Sep 1, 2012 at 7:12 PM, Stefan Weil <s...@weilnetz.de> wrote:
> Report from smatch:
> hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18
>
> This fixes read access to s->r[R_MAX] which is behind the limits of s->r.
>
> Signed-off-by: Stefan Weil <s...@weilnetz.de>

Reviewed-by: Peter Crosthwaite <peter.crosthwa...@petalogix.com>

> ---
>  hw/cadence_uart.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/cadence_uart.c b/hw/cadence_uart.c
> index d98e531..f8afc4e 100644
> --- a/hw/cadence_uart.c
> +++ b/hw/cadence_uart.c
> @@ -404,7 +404,7 @@ static uint64_t uart_read(void *opaque, 
> target_phys_addr_t offset,
>      uint32_t c = 0;
>
>      offset >>= 2;
> -    if (offset > R_MAX) {
> +    if (offset >= R_MAX) {
>          return 0;
>      } else if (offset == R_TX_RX) {
>          uart_read_rx_fifo(s, &c);
> --
> 1.7.10
>

Re: [Qemu-devel] [PATCH] cadence_uart: Fix buffer overflow

Reply via email to