From f6cf41932edf260c2574346a08358ad2d20c357e Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Mon, 27 Jun 2016 15:37:32 +0100 Subject: cadence_uart: Protect against transmit errors If qemu_chr_fe_write() returns an error (represented by a negative number) we should skip incrementing the count and initiating a memmove(). Signed-off-by: Alistair Francis Reported-by: Peter Maydell Message-id: 667e5dc534d33338fcfc2471e5aa32fe7cbd13dc.1466546703.git.alistair.francis@xilinx.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/char/cadence_uart.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c index c856fc3..844542f 100644 --- a/hw/char/cadence_uart.c +++ b/hw/char/cadence_uart.c @@ -288,8 +288,11 @@ static gboolean cadence_uart_xmit(GIOChannel *chan, GIOCondition cond, } ret = qemu_chr_fe_write(s->chr, s->tx_fifo, s->tx_count); - s->tx_count -= ret; - memmove(s->tx_fifo, s->tx_fifo + ret, s->tx_count); + + if (ret >= 0) { + s->tx_count -= ret; + memmove(s->tx_fifo, s->tx_fifo + ret, s->tx_count); + } if (s->tx_count) { int r = qemu_chr_fe_add_watch(s->chr, G_IO_OUT|G_IO_HUP, -- cgit v1.1