[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 02/21] exynos: Fix out-of-bounds access in exynos4210_gcomp_find d
|
From: |
Peter Maydell |
|
Subject: |
[PULL 02/21] exynos: Fix out-of-bounds access in exynos4210_gcomp_find debug printf |
|
Date: |
Thu, 20 Apr 2023 11:04:37 +0100 |
From: Feng Jiang <jiangfeng@kylinos.cn>
One of the debug printfs in exynos4210_gcomp_find() will
access outside the 's->g_timer.reg.comp[]' array if there
was no active comparator and 'res' is -1. Add a conditional
to avoid this.
This doesn't happen in normal use because the debug printfs
are by default not compiled in.
Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn>
Message-id: 20230404074506.112615-1-jiangfeng@kylinos.cn
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: Adjusted commit message to clarify that the overrun
only happens if you've enabled debug printfs]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/timer/exynos4210_mct.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
index c17b247da34..446bbd2b96c 100644
--- a/hw/timer/exynos4210_mct.c
+++ b/hw/timer/exynos4210_mct.c
@@ -480,11 +480,14 @@ static int32_t exynos4210_gcomp_find(Exynos4210MCTState
*s)
res = min_comp_i;
}
- DPRINTF("found comparator %d: comp 0x%llx distance 0x%llx, gfrc 0x%llx\n",
- res,
- s->g_timer.reg.comp[res],
- distance_min,
- gfrc);
+ if (res >= 0) {
+ DPRINTF("found comparator %d: "
+ "comp 0x%llx distance 0x%llx, gfrc 0x%llx\n",
+ res,
+ s->g_timer.reg.comp[res],
+ distance_min,
+ gfrc);
+ }
return res;
}
--
2.34.1
- [PULL 00/21] target-arm queue, Peter Maydell, 2023/04/20
- [PULL 01/21] hw/arm: Fix some typos in comments (most found by codespell), Peter Maydell, 2023/04/20
- [PULL 05/21] hw/arm: Add WDT to Allwinner-H3 and Orangepi-PC, Peter Maydell, 2023/04/20
- [PULL 04/21] hw/arm: Add WDT to Allwinner-A10 and Cubieboard, Peter Maydell, 2023/04/20
- [PULL 06/21] tests/avocado: Add reboot tests to Cubieboard, Peter Maydell, 2023/04/20
- [PULL 09/21] target/arm: Remove KVM AArch32 CPU definitions, Peter Maydell, 2023/04/20
- [PULL 18/21] fsl-imx6ul: Add fec[12]-phy-connected properties, Peter Maydell, 2023/04/20
- [PULL 17/21] hw/net/imx_fec: Support two Ethernet interfaces connected to single MDIO bus, Peter Maydell, 2023/04/20
- [PULL 14/21] target/arm: Implement FEAT_PAN3, Peter Maydell, 2023/04/20
- [PULL 02/21] exynos: Fix out-of-bounds access in exynos4210_gcomp_find debug printf,
Peter Maydell <=
- [PULL 07/21] hw/timer/imx_epit: don't shadow variable, Peter Maydell, 2023/04/20
- [PULL 03/21] hw/watchdog: Allwinner WDT emulation for system reset, Peter Maydell, 2023/04/20
- [PULL 08/21] hw/timer/imx_epit: fix limit check, Peter Maydell, 2023/04/20
- [PULL 11/21] target/arm: Initialize debug capabilities only once, Peter Maydell, 2023/04/20
- [PULL 21/21] arm/mcimx7d-sabre: Set fec2-phy-connected property to false, Peter Maydell, 2023/04/20
- [PULL 10/21] hw/arm/virt: Restrict Cortex-A7 check to TCG, Peter Maydell, 2023/04/20
- [PULL 12/21] target/arm: Pass ARMMMUFaultInfo to merge_syn_data_abort(), Peter Maydell, 2023/04/20
- [PULL 13/21] target/arm: Don't set ISV when reporting stage 1 faults in ESR_EL2, Peter Maydell, 2023/04/20
- [PULL 15/21] docs/devel/kconfig.rst: Fix incorrect markup, Peter Maydell, 2023/04/20
- [PULL 16/21] target/arm: Report pauth information to gdb as 'pauth_v2', Peter Maydell, 2023/04/20