On Tue, Jul 14, 2020 at 02:20:15PM +0200, p...@cmp.felk.cvut.cz wrote:
> From: Jan Charvat <charv...@fel.cvut.cz>
>
> Signed-off-by: Jan Charvat <charv...@fel.cvut.cz>
> Signed-off-by: Pavel Pisa <p...@cmp.felk.cvut.cz>
Reviewed-by: Vikram Garhwal <fnu.vik...@xilinx.com>
> ---
> hw/net/can/can_sja1000.c | 29 +++++++++++++++++++++++------
> 1 file changed, 23 insertions(+), 6 deletions(-)
>
> diff --git a/hw/net/can/can_sja1000.c b/hw/net/can/can_sja1000.c
> index d83c550edc..382911560c 100644
> --- a/hw/net/can/can_sja1000.c
> +++ b/hw/net/can/can_sja1000.c
> @@ -323,11 +323,16 @@ static void buff2frame_bas(const uint8_t *buff,
> qemu_can_frame *frame)
> static int frame2buff_pel(const qemu_can_frame *frame, uint8_t *buff)
> {
> int i;
> + int dlen = frame->can_dlc;
>
> if (frame->can_id & QEMU_CAN_ERR_FLAG) { /* error frame, NOT support
> now. */
> return -1;
> }
>
> + if (dlen > 8) {
> + return -1;
> + }
> +
> buff[0] = 0x0f & frame->can_dlc; /* DLC */
> if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
> buff[0] |= (1 << 6);
> @@ -338,18 +343,18 @@ static int frame2buff_pel(const qemu_can_frame *frame,
> uint8_t *buff)
> buff[2] = extract32(frame->can_id, 13, 8); /* ID.20~ID.13 */
> buff[3] = extract32(frame->can_id, 5, 8); /* ID.12~ID.05 */
> buff[4] = extract32(frame->can_id, 0, 5) << 3; /* ID.04~ID.00,xxx */
> - for (i = 0; i < frame->can_dlc; i++) {
> + for (i = 0; i < dlen; i++) {
> buff[5 + i] = frame->data[i];
> }
> - return frame->can_dlc + 5;
> + return dlen + 5;
> } else { /* SFF */
> buff[1] = extract32(frame->can_id, 3, 8); /* ID.10~ID.03 */
> buff[2] = extract32(frame->can_id, 0, 3) << 5; /* ID.02~ID.00,xxxxx
> */
> - for (i = 0; i < frame->can_dlc; i++) {
> + for (i = 0; i < dlen; i++) {
> buff[3 + i] = frame->data[i];
> }
>
> - return frame->can_dlc + 3;
> + return dlen + 3;
> }
>
> return -1;
> @@ -358,6 +363,7 @@ static int frame2buff_pel(const qemu_can_frame *frame,
> uint8_t *buff)
> static int frame2buff_bas(const qemu_can_frame *frame, uint8_t *buff)
> {
> int i;
> + int dlen = frame->can_dlc;
>
> /*
> * EFF, no support for BasicMode
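Review bot: The new `dlen > 8` guard in frame2buff_pel is the only thing that bounds the writes to `buff[5 + i]` and `buff[3 + i]`, yet the limit is a bare literal and nothing states how large `buff` must be. I would add a comment above the check, e.g. `/* classic CAN carries at most 8 data bytes; buff must hold 5 + 8 bytes */`, and take the DLC byte from the validated copy as well: `buff[0] = 0x0f & dlen;`. The same applies to the frame2buff_bas hunk, where `buff[1] |= frame->can_dlc & 0x0f;` still reads the field directly. Callers of both functions sit outside the hunks, so whether they all handle the new -1 return should be confirmed there.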
> @@ -369,17 +375,21 @@ static int frame2buff_bas(const qemu_can_frame *frame,
> uint8_t *buff)
> return -1;
> }
>
> + if (dlen > 8) {
> + return -1;
> + }
> +
> buff[0] = extract32(frame->can_id, 3, 8); /* ID.10~ID.03 */
> buff[1] = extract32(frame->can_id, 0, 3) << 5; /* ID.02~ID.00,xxxxx */
> if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
> buff[1] |= (1 << 4);
> }
> buff[1] |= frame->can_dlc & 0x0f;
> - for (i = 0; i < frame->can_dlc; i++) {
> + for (i = 0; i < dlen; i++) {
> buff[2 + i] = frame->data[i];
> }
>
> - return frame->can_dlc + 2;
> + return dlen + 2;
> }
>
> static void can_sja_update_pel_irq(CanSJA1000State *s)
> @@ -764,6 +774,13 @@ ssize_t can_sja_receive(CanBusClientState *client, const
> qemu_can_frame *frames,
> if (frames_cnt <= 0) {
> return 0;
> }
> + if (frame->flags && QEMU_CAN_FRMF_TYPE_FD) {
> + if (DEBUG_FILTER) {
> + can_display_msg("[cansja]: ignor fd frame ", frame);
> + }
> + return 1;
> + }
> +
> if (DEBUG_FILTER) {
> can_display_msg("[cansja]: receive ", frame);
> }
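Review bot: The added test `if (frame->flags && QEMU_CAN_FRMF_TYPE_FD)` in can_sja_receive uses logical AND, so it is true for any frame whose `flags` is non-zero (assuming the constant is non-zero), not only for CAN FD frames; an ordinary frame carrying any other flag would be dropped and still reported as consumed through `return 1`. A bit test is presumably what was meant: `if (frame->flags & QEMU_CAN_FRMF_TYPE_FD) {`. The debug string also has a typo: `"[cansja]: ignor fd frame "` should read `ignore`. The function body starts and ends outside the hunk, so the definition of `frame` is not visible here.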