aboutsummaryrefslogtreecommitdiff
path: root/hw/arm/pxa2xx.c
diff options
context:
space:
mode:
Diffstat (limited to 'hw/arm/pxa2xx.c')
-rw-r--r--hw/arm/pxa2xx.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 04291488e4..e0cd847b95 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -732,7 +732,7 @@ static void pxa2xx_ssp_save(QEMUFile *f, void *opaque)
static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id)
{
PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
- int i;
+ int i, v;
s->enable = qemu_get_be32(f);
@@ -746,7 +746,11 @@ static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id)
qemu_get_8s(f, &s->ssrsa);
qemu_get_8s(f, &s->ssacd);
- s->rx_level = qemu_get_byte(f);
+ v = qemu_get_byte(f);
+ if (v < 0 || v > ARRAY_SIZE(s->rx_fifo)) {
+ return -EINVAL;
+ }
+ s->rx_level = v;
s->rx_start = 0;
for (i = 0; i < s->rx_level; i ++)
s->rx_fifo[i] = qemu_get_byte(f);
generated by cgit v1.2.3 (git 2.26.2) at 2024-12-12 08:47:53 +0000