diff options
| author | Stefan Weil <sw@weilnetz.de> | 2012-09-01 11:12:23 +0200 |
|---|---|---|
| committer | Michael Roth <mdroth@linux.vnet.ibm.com> | 2012-10-11 21:44:20 -0500 |
| commit | 96d90d32ac4f3f2d39e0df881e0a9b12007a6d0d (patch) | |
| tree | 9e0c7f2d44ef8dfda7e1cc73fccdf16554011844 /hw | |
| parent | 3c980e22acc8fcb070688417eb0d6d35d80c2b6b (diff) | |
cadence_uart: Fix buffer overflow
Report from smatch:
hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18
This fixes read access to s->r[R_MAX] which is behind the limits of s->r.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 5d40097fc09fe5d34cf316a411dc27d455ac2cd0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/cadence_uart.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/cadence_uart.c b/hw/cadence_uart.c index d98e531372..f8afc4ed26 100644 --- a/hw/cadence_uart.c +++ b/hw/cadence_uart.c @@ -404,7 +404,7 @@ static uint64_t uart_read(void *opaque, target_phys_addr_t offset, uint32_t c = 0; offset >>= 2; - if (offset > R_MAX) { + if (offset >= R_MAX) { return 0; } else if (offset == R_TX_RX) { uart_read_rx_fifo(s, &c); |