aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Weil <sw@weilnetz.de>2012-09-01 11:12:23 +0200
committerStefan Hajnoczi <stefanha@gmail.com>2012-09-23 07:11:28 +0100
commit5d40097fc09fe5d34cf316a411dc27d455ac2cd0 (patch)
tree0b69da57b9db89538f97491d658151ff37f2b17f
parent39b384591fda27d6e1213cea0b11b1ebe0ed4b74 (diff)
cadence_uart: Fix buffer overflow
Report from smatch: hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18 This fixes read access to s->r[R_MAX] which is behind the limits of s->r. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
-rw-r--r--hw/cadence_uart.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/cadence_uart.c b/hw/cadence_uart.c
index d98e531372..f8afc4ed26 100644
--- a/hw/cadence_uart.c
+++ b/hw/cadence_uart.c
@@ -404,7 +404,7 @@ static uint64_t uart_read(void *opaque, target_phys_addr_t offset,
uint32_t c = 0;
offset >>= 2;
- if (offset > R_MAX) {
+ if (offset >= R_MAX) {
return 0;
} else if (offset == R_TX_RX) {
uart_read_rx_fifo(s, &c);