aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2014-05-13 16:09:39 +0100
committerPeter Maydell <peter.maydell@linaro.org>2014-05-13 16:09:39 +0100
commit89f26e6b7b5e5c9657f2abd6ef5a336bea11add2 (patch)
tree6aeae29d0fb94905de4640e61669385ca98857ad
parent1a7917210bd2fc8bd792f4dd36d3d44bd2244104 (diff)
downloadqemu-89f26e6b7b5e5c9657f2abd6ef5a336bea11add2.zip
qemu-89f26e6b7b5e5c9657f2abd6ef5a336bea11add2.tar.gz
qemu-89f26e6b7b5e5c9657f2abd6ef5a336bea11add2.tar.bz2
hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO
In fill_prefetch_fifo(), if the device we are reading from is 16 bit, then we must not try to transfer an odd number of bytes into the FIFO. This could otherwise have resulted in our overrunning the prefetch.fifo array by one byte. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
-rw-r--r--hw/misc/omap_gpmc.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c
index 2047274..cddea24 100644
--- a/hw/misc/omap_gpmc.c
+++ b/hw/misc/omap_gpmc.c
@@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s)
if (bytes > s->prefetch.count) {
bytes = s->prefetch.count;
}
+ if (is16bit) {
+ bytes &= ~1;
+ }
+
s->prefetch.count -= bytes;
s->prefetch.fifopointer += bytes;
fptr = 64 - s->prefetch.fifopointer;