aboutsummaryrefslogtreecommitdiff
path: root/hw
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2014-05-13 16:09:39 +0100
committerPeter Maydell <peter.maydell@linaro.org>2014-05-13 16:09:39 +0100
commit89f26e6b7b5e5c9657f2abd6ef5a336bea11add2 (patch)
tree6aeae29d0fb94905de4640e61669385ca98857ad /hw
parent1a7917210bd2fc8bd792f4dd36d3d44bd2244104 (diff)
downloadqemu-89f26e6b7b5e5c9657f2abd6ef5a336bea11add2.zip
qemu-89f26e6b7b5e5c9657f2abd6ef5a336bea11add2.tar.gz
qemu-89f26e6b7b5e5c9657f2abd6ef5a336bea11add2.tar.bz2
hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO
In fill_prefetch_fifo(), if the device we are reading from is 16 bit, then we must not try to transfer an odd number of bytes into the FIFO. This could otherwise have resulted in our overrunning the prefetch.fifo array by one byte. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Diffstat (limited to 'hw')
-rw-r--r--hw/misc/omap_gpmc.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c
index 2047274..cddea24 100644
--- a/hw/misc/omap_gpmc.c
+++ b/hw/misc/omap_gpmc.c
@@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s)
if (bytes > s->prefetch.count) {
bytes = s->prefetch.count;
}
+ if (is16bit) {
+ bytes &= ~1;
+ }
+
s->prefetch.count -= bytes;
s->prefetch.fifopointer += bytes;
fptr = 64 - s->prefetch.fifopointer;