From cc6498ec6e9e11c0b2d055efbf2f2bc518c73b3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 6 Aug 2020 15:09:44 +0200 Subject: hw/core/sysbus: Fix a typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Message-Id: <20200806130945.21629-2-f4bug@amsat.org> Signed-off-by: Laurent Vivier --- hw/core/sysbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'hw/core') diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c index 70239b7..77ab351 100644 --- a/hw/core/sysbus.c +++ b/hw/core/sysbus.c @@ -64,7 +64,7 @@ void foreach_dynamic_sysbus_device(FindSysbusDeviceFunc *func, void *opaque) .opaque = opaque, }; - /* Loop through all sysbus devices that were spawened outside the machine */ + /* Loop through all sysbus devices that were spawned outside the machine */ container = container_get(qdev_get_machine(), "/peripheral"); find_sysbus_device(container, &find); container = container_get(qdev_get_machine(), "/peripheral-anon"); -- cgit v1.1 From f234501c67234d54dc75f34eb76988c929778070 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 6 Aug 2020 15:09:45 +0200 Subject: hw/core/sysbus: Assert memory region index is in range MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Devices incorrectly modelled might use invalid index while calling sysbus_mmio_get_region(), leading to OOB access. Help developers by asserting the index is in range. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Message-Id: <20200806130945.21629-3-f4bug@amsat.org> Signed-off-by: Laurent Vivier --- hw/core/sysbus.c | 1 + 1 file changed, 1 insertion(+) (limited to 'hw/core') diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c index 77ab351..294f90b 100644 --- a/hw/core/sysbus.c +++ b/hw/core/sysbus.c @@ -199,6 +199,7 @@ void sysbus_init_mmio(SysBusDevice *dev, MemoryRegion *memory) MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int n) { + assert(n >= 0 && n < QDEV_MAX_MMIO); return dev->mmio[n].memory; } -- cgit v1.1