authorStefan Hajnoczi <stefanha@linux.vnet.ibm.com>2012-04-11 12:01:44 +0100
committerAnthony Liguori <aliguori@us.ibm.com>2012-04-11 12:30:01 -0500
commit3e48dd4a2d48aabafe22ce3611d65544d0234a69 (patch)
tree39ec6d5fcdea3a437c8b8ebf18c4d558980c5282
parentc1958aea51a14199d05d392edce932a956e1674d (diff)
rtl8139: do not assume TxStatus[] and TxAddr[] are adjacent
Commit afe0a595356192d5f79703cf6462fcc112df007c ("rtl8139: support byte read to TxStatus registers") reused rtl8139_TxStatus_read() for reading TxAddr registers. It relies on the fact that TxStatus[] and TxAddr[] are adjacent. This causes a gcc warning because the compiler can detect that array access is out-of-bounds: hw/rtl8139.c:2501:27: error: array subscript is above array bounds [-Werror=array-bounds] This patch refactors the function so that we don't rely on out-of-bounds accesses. Cc: Jason Wang <jasonwang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-rw-r--r--hw/rtl8139.c26
1 files changed, 15 insertions, 11 deletions
diff --git a/hw/rtl8139.c b/hw/rtl8139.c
index 4d553a8..4d0f5ba 100644
--- a/hw/rtl8139.c
+++ b/hw/rtl8139.c
@@ -2482,15 +2482,17 @@ static void rtl8139_TxStatus_write(RTL8139State *s, uint32_t txRegOffset, uint32
rtl8139_transmit(s);
}
-static uint32_t rtl8139_TxStatus_read(RTL8139State *s, uint8_t addr, int size)
+static uint32_t rtl8139_TxStatus_TxAddr_read(RTL8139State *s, uint32_t regs[],
+ uint32_t base, uint8_t addr,
+ int size)
{
- uint32_t reg = (addr - TxStatus0) / 4;
+ uint32_t reg = (addr - base) / 4;
uint32_t offset = addr & 0x3;
uint32_t ret = 0;
if (addr & (size - 1)) {
- DPRINTF("not implemented read for TxStatus addr=0x%x size=0x%x\n", addr,
- size);
+ DPRINTF("not implemented read for TxStatus/TxAddr "
+ "addr=0x%x size=0x%x\n", addr, size);
return ret;
}
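Review bot: `reg` is derived from the guest-supplied `addr` as `(addr - base) / 4` and later indexes `regs[]`, but the helper now receives a bare `uint32_t regs[]` with no element count, so staying in bounds depends on every caller pairing the right `base` with a matching `case` range. A mismatched `base` would also make `addr - base` wrap in unsigned arithmetic and produce a very large index. Making the contract explicit in the helper would help, e.g. `assert(reg < 4);` right after `reg` is computed (assuming both arrays hold the four registers the callers' `4*4` ranges imply), plus a short comment stating that `addr` must lie in `[base, base + 16)`. The function body continues outside this hunk.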
@@ -2498,12 +2500,12 @@ static uint32_t rtl8139_TxStatus_read(RTL8139State *s, uint8_t addr, int size)
case 1: /* fall through */
case 2: /* fall through */
case 4:
- ret = (s->TxStatus[reg] >> offset * 8) & ((1 << (size * 8)) - 1);
- DPRINTF("TxStatus[%d] read addr=0x%x size=0x%x val=0x%08x\n", reg, addr,
- size, ret);
+ ret = (regs[reg] >> offset * 8) & ((1 << (size * 8)) - 1);
+ DPRINTF("TxStatus/TxAddr[%d] read addr=0x%x size=0x%x val=0x%08x\n",
+ reg, addr, size, ret);
break;
default:
- DPRINTF("unsupported size 0x%x of TxStatus reading\n", size);
+ DPRINTF("unsupported size 0x%x of TxStatus/TxAddr reading\n", size);
break;
}
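Review bot: For `size == 4` the mask `((1 << (size * 8)) - 1)` on the new `ret =` line shifts a plain `int` by 32 bits, which is undefined behaviour where `int` is 32 bits wide, and the `rtl8139_io_readl` call site in this commit passes 4. Depending on how the compiler folds it, the mask can come out as 0 and the 32-bit read would return 0 instead of the register value. Widening before the shift avoids this: `ret = (regs[reg] >> offset * 8) & (((uint64_t)1 << (size * 8)) - 1);`. The expression is carried over unchanged from the removed line, so it predates this commit. The enclosing function starts outside this hunk.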
@@ -2977,7 +2979,8 @@ static uint32_t rtl8139_io_readb(void *opaque, uint8_t addr)
ret = s->mult[addr - MAR0];
break;
case TxStatus0 ... TxStatus0+4*4-1:
- ret = rtl8139_TxStatus_read(s, addr, 1);
+ ret = rtl8139_TxStatus_TxAddr_read(s, s->TxStatus, TxStatus0,
+ addr, 1);
break;
case ChipCmd:
ret = rtl8139_ChipCmd_read(s);
@@ -3043,7 +3046,7 @@ static uint32_t rtl8139_io_readw(void *opaque, uint8_t addr)
switch (addr)
{
case TxAddr0 ... TxAddr0+4*4-1:
- ret = rtl8139_TxStatus_read(s, addr, 2);
+ ret = rtl8139_TxStatus_TxAddr_read(s, s->TxAddr, TxAddr0, addr, 2);
break;
case IntrMask:
ret = rtl8139_IntrMask_read(s);
@@ -3135,7 +3138,8 @@ static uint32_t rtl8139_io_readl(void *opaque, uint8_t addr)
break;
case TxStatus0 ... TxStatus0+4*4-1:
- ret = rtl8139_TxStatus_read(s, addr, 4);
+ ret = rtl8139_TxStatus_TxAddr_read(s, s->TxStatus, TxStatus0,
+ addr, 4);
break;
case TxAddr0 ... TxAddr0+4*4-1: