author | Feng Jiang <jiangfeng@kylinos.cn> | 2023-04-20 10:21:13 +0100 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2023-04-20 10:21:13 +0100 |
commit | c47a80cd14309727f5a0a0eb0fd26d4aa1b5c14c (patch) | |
tree | 2487ef15baaeedc85b20b3f7202edcdbdbbf929c /hw/timer | |
parent | b3db996ffce758bd80181528110baac2b91cd531 (diff) | |
exynos: Fix out-of-bounds access in exynos4210_gcomp_find debug printf
One of the debug printfs in exynos4210_gcomp_find() will
access outside the 's->g_timer.reg.comp[]' array if there
was no active comparator and 'res' is -1. Add a conditional
to avoid this.
This doesn't happen in normal use because the debug printfs
are by default not compiled in.
Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn>
Message-id: 20230404074506.112615-1-jiangfeng@kylinos.cn
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: Adjusted commit message to clarify that the overrun
only happens if you've enabled debug printfs]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/timer')
-rw-r--r-- | hw/timer/exynos4210_mct.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c index c17b247..446bbd2 100644 --- a/hw/timer/exynos4210_mct.c +++ b/hw/timer/exynos4210_mct.c @@ -480,11 +480,14 @@ static int32_t exynos4210_gcomp_find(Exynos4210MCTState *s) res = min_comp_i; } - DPRINTF("found comparator %d: comp 0x%llx distance 0x%llx, gfrc 0x%llx\n", - res, - s->g_timer.reg.comp[res], - distance_min, - gfrc); + if (res >= 0) { + DPRINTF("found comparator %d: " + "comp 0x%llx distance 0x%llx, gfrc 0x%llx\n", + res, + s->g_timer.reg.comp[res], + distance_min, + gfrc); + } return res; } |
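Review bot: The new `if (res >= 0)` guard around the DPRINTF at the end of exynos4210_gcomp_find() leaves the res == -1 path with no debug output at all, so with debug printfs enabled the trace no longer shows that the search ran and found no active comparator. Consider adding an else branch, for example `DPRINTF("no active comparator, gfrc 0x%llx\n", gfrc);`, which reads no array element. The guard itself does what the commit message describes: `s->g_timer.reg.comp[res]` is now only evaluated when res is non-negative, and the function still returns res unchanged.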