From a94bb9cd586c50d13b68e5fa4628cc36e29805c4 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Wed, 11 Oct 2017 18:24:36 +0100 Subject: nvic: Add missing 'break' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coverity points out that we forgot the 'break' for the SAU_CTRL write case (CID1381683). This has no actual visible consequences because it happens that the following case is effectively a no-op. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-id: 1507742676-9908-1-git-send-email-peter.maydell@linaro.org Reviewed-by: Richard Henderson --- hw/intc/armv7m_nvic.c | 1 + 1 file changed, 1 insertion(+) (limited to 'hw/intc') diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index 22d5e6e..a42961c 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -1447,6 +1447,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, return; } cpu->env.sau.ctrl = value & 3; + break; case 0xdd4: /* SAU_TYPE */ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { goto bad_offset; -- cgit v1.1 From cf5f7937b05c84d5565134f058c00cd48304a117 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 10 Oct 2017 16:54:16 +0100 Subject: nvic: Fix miscalculation of offsets into ITNS array This calculation of the first exception vector in the ITNS register being accessed: int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ; is incorrect, because offset is in bytes, so we only want to multiply by 8. Spotted by Coverity (CID 1381484, CID 1381488), though it is not correct that it actually overflows the buffer, because we have a 'startvec + i < s->num_irq' guard. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 1507650856-11718-1-git-send-email-peter.maydell@linaro.org --- hw/intc/armv7m_nvic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'hw/intc') diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index a42961c..be46639 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -698,7 +698,7 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) return ((s->num_irq - NVIC_FIRST_IRQ) / 32) - 1; case 0x380 ... 0x3bf: /* NVIC_ITNS */ { - int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ; + int startvec = 8 * (offset - 0x380) + NVIC_FIRST_IRQ; int i; if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { @@ -1102,7 +1102,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, switch (offset) { case 0x380 ... 0x3bf: /* NVIC_ITNS */ { - int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ; + int startvec = 8 * (offset - 0x380) + NVIC_FIRST_IRQ; int i; if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { -- cgit v1.1