[Qemu-devel] [PULL 13/13] nvic: Fix miscalculation of offsets into ITNS
From: Peter Maydell
Subject: [Qemu-devel] [PULL 13/13] nvic: Fix miscalculation of offsets into ITNS array
Date: Thu, 12 Oct 2017 17:03:36 +0100
This calculation of the first exception vector in
the ITNS<n> register being accessed:

    int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ;

is incorrect, because offset is in bytes, so we only want
to multiply by 8.

Spotted by Coverity (CID 1381484, CID 1381488), though it is
not correct that it actually overflows the buffer, because
we have a 'startvec + i < s->num_irq' guard.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden
---
hw/intc/armv7m_nvic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index a42961c..be46639 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -698,7 +698,7 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset,
MemTxAttrs attrs)
return ((s->num_irq - NVIC_FIRST_IRQ) / 32) - 1;
case 0x380 ... 0x3bf: /* NVIC_ITNS<n> */
{
- int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ;
+ int startvec = 8 * (offset - 0x380) + NVIC_FIRST_IRQ;
int i;
if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
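Review bot: The bare factor 8 on the new `startvec` line in the NVIC_ITNS<n> read case does not say where it comes from: each 4-byte ITNS register covers 32 vectors, so one byte of offset corresponds to 32 / 4 = 8 vectors. The previous 32 was the same kind of unexplained constant, which is how the bytes-versus-registers mix-up went unnoticed. Consider `32 * ((offset - 0x380) / 4) + NVIC_FIRST_IRQ`, or a one-line comment stating that offset is in bytes, so the units can be checked without reading the commit message. The two forms agree only for word-aligned offsets, so it is worth stating which behaviour is intended across the whole `0x380 ... 0x3bf` range.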
@@ -1102,7 +1102,7 @@ static void nvic_writel(NVICState *s, uint32_t offset,
uint32_t value,
switch (offset) {
case 0x380 ... 0x3bf: /* NVIC_ITNS<n> */
{
- int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ;
+ int startvec = 8 * (offset - 0x380) + NVIC_FIRST_IRQ;
int i;
if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
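Review bot: The `startvec` expression in the NVIC_ITNS<n> write case is an exact copy of the one in nvic_readl, and the same wrong factor had to be corrected in both places. A small shared helper or macro that maps an ITNS register offset to its first vector would keep the read and write paths from drifting apart again. On the write side it matters more: per the commit message, the oversized index stayed in bounds only because of the `startvec + i < s->num_irq` guard, so a comment or assertion near this line recording that the loop relies on that guard would make the dependency explicit.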
--
2.7.4