diff options
| author | Prasad J Pandit <pjp@fedoraproject.org> | 2016-10-12 11:28:08 +0530 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2016-10-24 15:27:19 +0200 |
| commit | 3592fe0c919cf27a81d8e9f9b4f269553418bb01 (patch) | |
| tree | 95788cb96c4b005dfc13ec10de448c5419d24ce2 /hw/char/serial.c | |
| parent | 0a752eeea810a1c37f5de4edba355c35cfa42524 (diff) | |
| download | qemu-3592fe0c919cf27a81d8e9f9b4f269553418bb01.zip qemu-3592fe0c919cf27a81d8e9f9b4f269553418bb01.tar.gz qemu-3592fe0c919cf27a81d8e9f9b4f269553418bb01.tar.bz2 | |
char: serial: check divider value against baud base
16550A UART device uses an oscillator to generate frequencies
(baud base), which decide communication speed. This speed could
be changed by dividing it by a divider. If the divider is
greater than the baud base, speed is set to zero, leading to a
divide by zero error. Add check to avoid it.
Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1476251888-20238-1-git-send-email-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/char/serial.c')
| -rw-r--r-- | hw/char/serial.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/hw/char/serial.c b/hw/char/serial.c index 3442f47..eec72b7 100644 --- a/hw/char/serial.c +++ b/hw/char/serial.c @@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s) int speed, parity, data_bits, stop_bits, frame_size; QEMUSerialSetParams ssp; - if (s->divider == 0) + if (s->divider == 0 || s->divider > s->baudbase) { return; + } /* Start bit. */ frame_size = 1; |