[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 1/3] arm: check bit index before use
|
From: |
liqsub1 |
|
Subject: |
Re: [Qemu-devel] [PATCH 1/3] arm: check bit index before use |
|
Date: |
Mon, 22 Oct 2018 20:15:15 +0800 |
2018-10-22
liqsub1
发件人:P J P <address@hidden>
发送时间:2018-10-23 01:39
主题:[Qemu-devel] [PATCH 1/3] arm: check bit index before use
收件人:"Qemu Developers"<address@hidden>
抄送:"Peter Maydell"<address@hidden>,"Moguofang"<address@hidden>,"Prasad J
Pandit"<address@hidden>
From: Prasad J Pandit <address@hidden>
While performing gpio write via strongarm_gpio_handler_update
routine, the 'bit' index could access beyond s->handler[28] array.
Add check to avoid OOB access.
Reported-by: Moguofang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
hw/arm/strongarm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
index ec2627374d..3dda75feaf 100644
--- a/hw/arm/strongarm.c
+++ b/hw/arm/strongarm.c
@@ -532,7 +532,9 @@ static void strongarm_gpio_handler_update(StrongARMGPIOInfo
*s)
for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
bit = ctz32(diff);
- qemu_set_irq(s->handler[bit], (level >> bit) & 1);
+ if (bit < sizeof(s->handler) / sizeof(s->handler[0])) {
Hello Prasad,
Maybe you can use ARRAY_SIZE here.
Thanks,
Li Qiang
+ qemu_set_irq(s->handler[bit], (level >> bit) & 1);
+ }
}
s->prev_level = level;
--
2.17.2