From: Peter Maydell
Subject: [Bug 1904331] Re: Coding bug in the function serial_ioport_write in serial.c
Date: Wed, 18 Nov 2020 15:40:11 -0000
** Changed in: qemu
Status: New => Confirmed
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1904331
Title:
Coding bug in the function serial_ioport_write in serial.c
Status in QEMU:
Confirmed
Bug description:
Branch hash: b50ea0d (pulled from github).
I was reviewing the code and noticed the following in the function
serial_ioport_write:
    assert(size == 1 && addr < 8);
    ...
    switch(addr) {
    default:
    case 0:
        if (s->lcr & UART_LCR_DLAB) {
            if (size == 1) {
                s->divider = (s->divider & 0xff00) | val;
            } else {
                s->divider = val;
            }
        }
The assert will trigger if the size is > 1, so the else of the if
(size == 1) will never be executed and an attempt to specify a size >
1 will trigger an assert.
The documentation for the UART indicates that the 16-bit divisor is
broken up amongst 2 8-bit registers (DLL and DLM). There already is
code to handle the DLL and DLM portions of the divider register (as
coded).
This is not exactly going to cause a bug, as there is no code that
calls this function with a value for size other than 1. It is just
unnecessary code.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1904331/+subscriptions
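A small C model of the divisor-latch behaviour the report describes, added here as an illustration and not QEMU's own code. It places the reported register-0 write (with its unreachable branch) beside a simplified version, and goes one step further than the report by also modelling the DLM half at register 1 so a full 16-bit divisor can be assembled; the ModelUART struct, its field names and program_divisor are assumptions for the example.

```c
/* Added example, not QEMU's code: a model of the 16550 divisor-latch writes
 * described in the bug. Field names follow the report; DLAB is LCR bit 7. */
#include <assert.h>
#include <stdint.h>
#define UART_LCR_DLAB 0x80
typedef struct {
    uint8_t  lcr;     /* line control; DLAB selects DLL/DLM at regs 0/1 */
    uint16_t divider; /* 16-bit baud divisor: (DLM << 8) | DLL */
    uint8_t  thr;     /* transmit holding register (reg 0, DLAB clear) */
    uint8_t  ier;     /* interrupt enable (reg 1, DLAB clear) */
} ModelUART;
/* Register 0 as reported: the caller asserts size == 1, so the else is dead. */
static void reg0_write_as_reported(ModelUART *s, unsigned size, uint32_t val)
{
    assert(size == 1);
    if (s->lcr & UART_LCR_DLAB) {
        if (size == 1) {
            s->divider = (s->divider & 0xff00) | (val & 0xff);
        } else {
            s->divider = val; /* unreachable given the assert above */
        }
    }
}
/* Same behaviour with the dead branch removed, plus the DLM half (reg 1). */
static void uart_write(ModelUART *s, unsigned addr, uint8_t val)
{
    assert(addr < 8);
    switch (addr) {
    case 0:
        if (s->lcr & UART_LCR_DLAB) s->divider = (s->divider & 0xff00) | val;
        else s->thr = val;
        break;
    case 1:
        if (s->lcr & UART_LCR_DLAB) s->divider = (s->divider & 0x00ff) | (val << 8);
        else s->ier = val & 0x0f;
        break;
    case 3:
        s->lcr = val;
        break;
    }
}
/* Program a divisor as a guest driver does: DLAB on, DLL, DLM, DLAB off (8N1). */
static uint16_t program_divisor(ModelUART *s, uint16_t divisor)
{
    uart_write(s, 3, UART_LCR_DLAB);
    uart_write(s, 0, divisor & 0xff);
    uart_write(s, 1, divisor >> 8);
    uart_write(s, 3, 0x03);
    return s->divider;
}
```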