Commit 8f2ad0a3fc5e3569183d44bf1c7fcb95294be4c0

Authored by blueswir1
1 parent 20483400

Fix buffer overruns (reported by Julian Seward)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4752 c046a42c-6fe2-441c-8c8c-71466251a162
Showing 1 changed file with 29 additions and 33 deletions
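--- a/hw/eccmemctl.c
+++ b/hw/eccmemctl.c
@@ -40,16 +40,16 @@
 * SMC (version 0, implementation 2) SS-10SX and SS-20
 */
 
-/* Register offsets */
-#define ECC_MER 0 /* Memory Enable Register */
-#define ECC_MDR 4 /* Memory Delay Register */
-#define ECC_MFSR 8 /* Memory Fault Status Register */
-#define ECC_VCR 12 /* Video Configuration Register */
-#define ECC_MFAR0 16 /* Memory Fault Address Register 0 */
-#define ECC_MFAR1 20 /* Memory Fault Address Register 1 */
-#define ECC_DR 24 /* Diagnostic Register */
-#define ECC_ECR0 28 /* Event Count Register 0 */
-#define ECC_ECR1 32 /* Event Count Register 1 */
+/* Register indexes */
+#define ECC_MER 0 /* Memory Enable Register */
+#define ECC_MDR 1 /* Memory Delay Register */
+#define ECC_MFSR 2 /* Memory Fault Status Register */
+#define ECC_VCR 3 /* Video Configuration Register */
+#define ECC_MFAR0 4 /* Memory Fault Address Register 0 */
+#define ECC_MFAR1 5 /* Memory Fault Address Register 1 */
+#define ECC_DR 6 /* Diagnostic Register */
+#define ECC_ECR0 7 /* Event Count Register 0 */
+#define ECC_ECR1 8 /* Event Count Register 1 */
 
 /* ECC fault control register */
 #define ECC_MER_EE 0x00000001 /* Enable ECC checking */
@@ -129,34 +129,34 @@ static void ecc_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
 {
 ECCState *s = opaque;
 
-switch (addr & ECC_ADDR_MASK) {
+switch ((addr & ECC_ADDR_MASK) >> 2) {
 case ECC_MER:
-s->regs[0] = (s->regs[0] & (ECC_MER_VER | ECC_MER_IMPL)) |
-(val & ~(ECC_MER_VER | ECC_MER_IMPL));
+s->regs[ECC_MER] = (s->regs[ECC_MER] & (ECC_MER_VER | ECC_MER_IMPL)) |
+(val & ~(ECC_MER_VER | ECC_MER_IMPL));
 DPRINTF("Write memory enable %08x\n", val);
 break;
 case ECC_MDR:
-s->regs[1] = val & ECC_MDR_MASK;
+s->regs[ECC_MDR] = val & ECC_MDR_MASK;
 DPRINTF("Write memory delay %08x\n", val);
 break;
 case ECC_MFSR:
-s->regs[2] = val;
+s->regs[ECC_MFSR] = val;
 DPRINTF("Write memory fault status %08x\n", val);
 break;
 case ECC_VCR:
-s->regs[3] = val;
+s->regs[ECC_VCR] = val;
 DPRINTF("Write slot configuration %08x\n", val);
 break;
 case ECC_DR:
-s->regs[6] = val;
+s->regs[ECC_DR] = val;
 DPRINTF("Write diagnosiic %08x\n", val);
 break;
 case ECC_ECR0:
-s->regs[7] = val;
+s->regs[ECC_ECR0] = val;
 DPRINTF("Write event count 1 %08x\n", val);
 break;
 case ECC_ECR1:
-s->regs[7] = val;
+s->regs[ECC_ECR0] = val;
 DPRINTF("Write event count 2 %08x\n", val);
 break;
 }
@@ -167,41 +167,41 @@ static uint32_t ecc_mem_readl(void *opaque, target_phys_addr_t addr)
 ECCState *s = opaque;
 uint32_t ret = 0;
 
-switch (addr & ECC_ADDR_MASK) {
+switch ((addr & ECC_ADDR_MASK) >> 2) {
 case ECC_MER:
-ret = s->regs[0];
+ret = s->regs[ECC_MER];
 DPRINTF("Read memory enable %08x\n", ret);
 break;
 case ECC_MDR:
-ret = s->regs[1];
+ret = s->regs[ECC_MDR];
 DPRINTF("Read memory delay %08x\n", ret);
 break;
 case ECC_MFSR:
-ret = s->regs[2];
+ret = s->regs[ECC_MFSR];
 DPRINTF("Read memory fault status %08x\n", ret);
 break;
 case ECC_VCR:
-ret = s->regs[3];
+ret = s->regs[ECC_VCR];
 DPRINTF("Read slot configuration %08x\n", ret);
 break;
 case ECC_MFAR0:
-ret = s->regs[4];
+ret = s->regs[ECC_MFAR0];
 DPRINTF("Read memory fault address 0 %08x\n", ret);
 break;
 case ECC_MFAR1:
-ret = s->regs[5];
+ret = s->regs[ECC_MFAR1];
 DPRINTF("Read memory fault address 1 %08x\n", ret);
 break;
 case ECC_DR:
-ret = s->regs[6];
+ret = s->regs[ECC_DR];
 DPRINTF("Read diagnostic %08x\n", ret);
 break;
 case ECC_ECR0:
-ret = s->regs[7];
+ret = s->regs[ECC_ECR0];
 DPRINTF("Read event count 1 %08x\n", ret);
 break;
 case ECC_ECR1:
-ret = s->regs[7];
+ret = s->regs[ECC_ECR0];
 DPRINTF("Read event count 2 %08x\n", ret);
 break;
 }
@@ -281,7 +281,6 @@ static void ecc_save(QEMUFile *f, void *opaque)
 static void ecc_reset(void *opaque)
 {
 ECCState *s = opaque;
-int i;
 
 s->regs[ECC_MER] &= (ECC_MER_VER | ECC_MER_IMPL);
 s->regs[ECC_MER] |= ECC_MER_MRR;
@@ -293,9 +292,6 @@ static void ecc_reset(void *opaque)
 s->regs[ECC_DR] = 0;
 s->regs[ECC_ECR0] = 0;
 s->regs[ECC_ECR1] = 0;
-
-for (i = 1; i < ECC_NREGS; i++)
-s->regs[i] = 0;
 }
 
 void * ecc_init(target_phys_addr_t base, qemu_irq irq, uint32_t version)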
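Review bot: In the ecc_mem_writel hunk the `case ECC_ECR1:` branch still stores into `s->regs[ECC_ECR0]`, so the Event Count Register 1 slot is never written and a guest write to ECR1 silently clobbers ECR0; the ecc_mem_readl hunk repeats the same aliasing, where `case ECC_ECR1:` returns `s->regs[ECC_ECR0]`. Both cases used `regs[7]` before this commit, so the rename carried the copy-paste over rather than fixing it, while ecc_reset zeroes `s->regs[ECC_ECR1]` as a distinct slot, which suggests separate registers were intended. Unless ECR1 is meant to alias ECR0 on this part, the two lines should read `s->regs[ECC_ECR1] = val;` and `ret = s->regs[ECC_ECR1];`. The bodies of ecc_mem_writel and ecc_mem_readl continue outside their hunks, so any other ECR1 handling there is not visible here.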