aboutsummaryrefslogtreecommitdiff
path: root/hw
diff options
context:
space:
mode:
authorAnthony Liguori <aliguori@us.ibm.com>2012-09-25 16:06:16 -0500
committerAnthony Liguori <aliguori@us.ibm.com>2012-09-25 16:06:16 -0500
commit3988475b9b7fa251b00a29b076761d8c1c7e64dc (patch)
tree140c0410e1d8133ddd33e07ad2fc9c2a8d0e824b /hw
parent97fe81d3e8613be13754ff096c16b73010fd60ad (diff)
parent95df51a4a02a853af8828c281bce2d4f2a41d6fd (diff)
downloadqemu-3988475b9b7fa251b00a29b076761d8c1c7e64dc.zip
qemu-3988475b9b7fa251b00a29b076761d8c1c7e64dc.tar.gz
qemu-3988475b9b7fa251b00a29b076761d8c1c7e64dc.tar.bz2
Merge remote-tracking branch 'stefanha/trivial-patches' into staging
* stefanha/trivial-patches: w32: Always use standard instead of native format strings net/socket: Fix compiler warning (regression for MinGW) linux-user: Remove redundant null check and replace free by g_free qemu-timer: simplify qemu_run_timers TextConsole: saturate escape parameter in TTY_STATE_CSI curses: don't initialize curses when qemu is daemonized dtrace backend: add function to reserved words pflash_cfi01: Fix warning caused by unreachable code ioh3420: Remove unreachable code lm4549: Fix buffer overflow cadence_uart: Fix buffer overflow qemu-sockets: Fix potential memory leak qemu-ga: Remove unreachable code after g_error target-i386: Allow tsc-frequency to be larger then 2.147G
Diffstat (limited to 'hw')
-rw-r--r--hw/cadence_uart.c2
-rw-r--r--hw/ioh3420.c1
-rw-r--r--hw/lm4549.c2
-rw-r--r--hw/pflash_cfi01.c8
4 files changed, 6 insertions, 7 deletions
diff --git a/hw/cadence_uart.c b/hw/cadence_uart.c
index d98e531..f8afc4e 100644
--- a/hw/cadence_uart.c
+++ b/hw/cadence_uart.c
@@ -404,7 +404,7 @@ static uint64_t uart_read(void *opaque, target_phys_addr_t offset,
uint32_t c = 0;
offset >>= 2;
- if (offset > R_MAX) {
+ if (offset >= R_MAX) {
return 0;
} else if (offset == R_TX_RX) {
uart_read_rx_fifo(s, &c);
diff --git a/hw/ioh3420.c b/hw/ioh3420.c
index 94a537c..4d31473 100644
--- a/hw/ioh3420.c
+++ b/hw/ioh3420.c
@@ -125,7 +125,6 @@ static int ioh3420_initfn(PCIDevice *d)
rc = pcie_chassis_add_slot(s);
if (rc < 0) {
goto err_pcie_cap;
- return rc;
}
pcie_cap_root_init(d);
rc = pcie_aer_init(d, IOH_EP_AER_OFFSET);
diff --git a/hw/lm4549.c b/hw/lm4549.c
index 80b3ec4..e0137d5 100644
--- a/hw/lm4549.c
+++ b/hw/lm4549.c
@@ -224,7 +224,7 @@ uint32_t lm4549_write_samples(lm4549_state *s, uint32_t left, uint32_t right)
This model supports 16-bit playback.
*/
- if (s->buffer_level >= LM4549_BUFFER_SIZE) {
+ if (s->buffer_level > LM4549_BUFFER_SIZE - 2) {
DPRINTF("write_sample Buffer full\n");
return 0;
}
diff --git a/hw/pflash_cfi01.c b/hw/pflash_cfi01.c
index 9c42d31..855890d 100644
--- a/hw/pflash_cfi01.c
+++ b/hw/pflash_cfi01.c
@@ -321,7 +321,7 @@ static void pflash_write(pflash_t *pfl, target_phys_addr_t offset,
}
pfl->wcycle++;
pfl->cmd = cmd;
- return;
+ break;
case 1:
switch (pfl->cmd) {
case 0x10: /* Single Byte Program */
@@ -376,7 +376,7 @@ static void pflash_write(pflash_t *pfl, target_phys_addr_t offset,
default:
goto error_flash;
}
- return;
+ break;
case 2:
switch (pfl->cmd) {
case 0xe8: /* Block write */
@@ -407,7 +407,7 @@ static void pflash_write(pflash_t *pfl, target_phys_addr_t offset,
default:
goto error_flash;
}
- return;
+ break;
case 3: /* Confirm mode */
switch (pfl->cmd) {
case 0xe8: /* Block write */
@@ -423,7 +423,7 @@ static void pflash_write(pflash_t *pfl, target_phys_addr_t offset,
default:
goto error_flash;
}
- return;
+ break;
default:
/* Should never happen */
DPRINTF("%s: invalid write state\n", __func__);