diff options
| author | Patrick Venture <venture@google.com> | 2025-03-07 10:08:19 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2025-03-07 10:08:19 +0000 |
| commit | 3b2e22c0bbe2ce07123d93961d52f17644562cd7 (patch) | |
| tree | 943cbdc13c12388ab8105f3e2dee0bcd21c55ff4 | |
| parent | a674db604db3fc4ef5267243dc991852f1f1bebc (diff) | |
| download | qemu-3b2e22c0bbe2ce07123d93961d52f17644562cd7.zip qemu-3b2e22c0bbe2ce07123d93961d52f17644562cd7.tar.gz qemu-3b2e22c0bbe2ce07123d93961d52f17644562cd7.tar.bz2 | |
hw/gpio: npcm7xx: fixup out-of-bounds access
The reg isn't validated to be a possible register before
it's dereferenced for one case. The mmio space registered
for the gpio device is 4KiB but there aren't that many
registers in the struct.
Cc: qemu-stable@nongnu.org
Fixes: 526dbbe0874 ("hw/gpio: Add GPIO model for Nuvoton NPCM7xx")
Signed-off-by: Patrick Venture <venture@google.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250226024603.493148-1-venture@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | hw/gpio/npcm7xx_gpio.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/hw/gpio/npcm7xx_gpio.c b/hw/gpio/npcm7xx_gpio.c index 23e6742..2916056 100644 --- a/hw/gpio/npcm7xx_gpio.c +++ b/hw/gpio/npcm7xx_gpio.c @@ -220,8 +220,6 @@ static void npcm7xx_gpio_regs_write(void *opaque, hwaddr addr, uint64_t v, return; } - diff = s->regs[reg] ^ value; - switch (reg) { case NPCM7XX_GPIO_TLOCK1: case NPCM7XX_GPIO_TLOCK2: @@ -242,6 +240,7 @@ static void npcm7xx_gpio_regs_write(void *opaque, hwaddr addr, uint64_t v, case NPCM7XX_GPIO_PU: case NPCM7XX_GPIO_PD: case NPCM7XX_GPIO_IEM: + diff = s->regs[reg] ^ value; s->regs[reg] = value; npcm7xx_gpio_update_pins(s, diff); break; |