qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 1904331] Re: Coding bug in the function serial_ioport_write in seri


From: Peter Maydell
Subject: [Bug 1904331] Re: Coding bug in the function serial_ioport_write in serial.c
Date: Wed, 18 Nov 2020 15:40:11 -0000

** Changed in: qemu
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1904331

Title:
  Coding bug in the function serial_ioport_write in serial.c

Status in QEMU:
  Confirmed

Bug description:
  Branch hash: b50ea0d  (pulled from github).

  I was reviewing the code and noticed the following in the function
  serial_ioport_write:

      assert(size == 1 && addr < 8);
          .
          .
          .
      switch(addr) {
      default:
      case 0:
          if (s->lcf & UART_LCR_DLAB) {
              if (size == 1) {
                  s->divider = (s->divider & 0xff00) | val;
              } else {
                  s->divider = val;
              }
          }

  The assert will trigger if the size is > 1, so the else of the if
  (size == 1) will never be executed and an attempt to specify a size >
  1 will trigger an assert.

  The documentation for the UART indicates that the 16-bit divisor is
  broken up amongst 2 8-bit registers (DLL and DLM).  There already is
  code to handle the DLL and DLM portions of the divider register (as
  coded).

  This is not exactly going to cause a bug, as there is no code that
  calls this function with a value for size other than 1.  It is just
  unnecessary code.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1904331/+subscriptions



reply via email to

[Prev in Thread] Current Thread [Next in Thread]