authorFeng Jiang <jiangfeng@kylinos.cn>2023-04-20 10:21:13 +0100
committerPeter Maydell <peter.maydell@linaro.org>2023-04-20 10:21:13 +0100
commitc47a80cd14309727f5a0a0eb0fd26d4aa1b5c14c (patch)
tree2487ef15baaeedc85b20b3f7202edcdbdbbf929c /hw/timer
parentb3db996ffce758bd80181528110baac2b91cd531 (diff)
exynos: Fix out-of-bounds access in exynos4210_gcomp_find debug printf
One of the debug printfs in exynos4210_gcomp_find() will access outside the 's->g_timer.reg.comp[]' array if there was no active comparator and 'res' is -1. Add a conditional to avoid this. This doesn't happen in normal use because the debug printfs are by default not compiled in. Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn> Message-id: 20230404074506.112615-1-jiangfeng@kylinos.cn Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: Adjusted commit message to clarify that the overrun only happens if you've enabled debug printfs] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/timer')
-rw-r--r--hw/timer/exynos4210_mct.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
index c17b247..446bbd2 100644
--- a/hw/timer/exynos4210_mct.c
+++ b/hw/timer/exynos4210_mct.c
@@ -480,11 +480,14 @@ static int32_t exynos4210_gcomp_find(Exynos4210MCTState *s)
res = min_comp_i;
}
- DPRINTF("found comparator %d: comp 0x%llx distance 0x%llx, gfrc 0x%llx\n",
- res,
- s->g_timer.reg.comp[res],
- distance_min,
- gfrc);
+ if (res >= 0) {
+ DPRINTF("found comparator %d: "
+ "comp 0x%llx distance 0x%llx, gfrc 0x%llx\n",
+ res,
+ s->g_timer.reg.comp[res],
+ distance_min,
+ gfrc);
+ }
return res;
}
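Review bot: The new `if (res >= 0)` guard around the DPRINTF has no else branch, so a debug build now logs nothing at all when no comparator is active, which is exactly the case someone tracing the timer would want to see. An else arm such as `} else { DPRINTF("no active comparator, gfrc 0x%llx\n", gfrc); }` would keep the trace complete without touching `s->g_timer.reg.comp[]`. The guard only rules out the -1 sentinel; that `res` is otherwise a valid index depends on the loop above the hunk, since exynos4210_gcomp_find() starts outside it. Separately, if `comp[]`, `distance_min` and `gfrc` are `uint64_t` (not visible here), `PRIx64` would be the matching format rather than `%llx`.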