Commit 8f2ad0a3fc5e3569183d44bf1c7fcb95294be4c0

Authored by blueswir1

Fix buffer overruns (reported by Julian Seward)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4752 c046a42c-6fe2-441c-8c8c-71466251a162
Showing 1 changed file with 29 additions and 33 deletions
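--- a/hw/eccmemctl.c
+++ b/hw/eccmemctl.c
@@ -40,16 +40,16 @@
  * SMC (version 0, implementation 2) SS-10SX and SS-20
  */
 
-/* Register offsets */
-#define ECC_MER 0 /* Memory Enable Register */
-#define ECC_MDR 4 /* Memory Delay Register */
-#define ECC_MFSR 8 /* Memory Fault Status Register */
-#define ECC_VCR 12 /* Video Configuration Register */
-#define ECC_MFAR0 16 /* Memory Fault Address Register 0 */
-#define ECC_MFAR1 20 /* Memory Fault Address Register 1 */
-#define ECC_DR 24 /* Diagnostic Register */
-#define ECC_ECR0 28 /* Event Count Register 0 */
-#define ECC_ECR1 32 /* Event Count Register 1 */
+/* Register indexes */
+#define ECC_MER 0 /* Memory Enable Register */
+#define ECC_MDR 1 /* Memory Delay Register */
+#define ECC_MFSR 2 /* Memory Fault Status Register */
+#define ECC_VCR 3 /* Video Configuration Register */
+#define ECC_MFAR0 4 /* Memory Fault Address Register 0 */
+#define ECC_MFAR1 5 /* Memory Fault Address Register 1 */
+#define ECC_DR 6 /* Diagnostic Register */
+#define ECC_ECR0 7 /* Event Count Register 0 */
+#define ECC_ECR1 8 /* Event Count Register 1 */
 
 /* ECC fault control register */
 #define ECC_MER_EE 0x00000001 /* Enable ECC checking */
@@ -129,34 +129,34 @@ static void ecc_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
 {
 ECCState *s = opaque;
 
-switch (addr & ECC_ADDR_MASK) {
+switch ((addr & ECC_ADDR_MASK) >> 2) {
 case ECC_MER:
-s->regs[0] = (s->regs[0] & (ECC_MER_VER | ECC_MER_IMPL)) |
-(val & ~(ECC_MER_VER | ECC_MER_IMPL));
+s->regs[ECC_MER] = (s->regs[ECC_MER] & (ECC_MER_VER | ECC_MER_IMPL)) |
+(val & ~(ECC_MER_VER | ECC_MER_IMPL));
 DPRINTF("Write memory enable %08x\n", val);
 break;
 case ECC_MDR:
-s->regs[1] = val & ECC_MDR_MASK;
+s->regs[ECC_MDR] = val & ECC_MDR_MASK;
 DPRINTF("Write memory delay %08x\n", val);
 break;
 case ECC_MFSR:
-s->regs[2] = val;
+s->regs[ECC_MFSR] = val;
 DPRINTF("Write memory fault status %08x\n", val);
 break;
 case ECC_VCR:
-s->regs[3] = val;
+s->regs[ECC_VCR] = val;
 DPRINTF("Write slot configuration %08x\n", val);
 break;
 case ECC_DR:
-s->regs[6] = val;
+s->regs[ECC_DR] = val;
 DPRINTF("Write diagnosiic %08x\n", val);
 break;
 case ECC_ECR0:
-s->regs[7] = val;
+s->regs[ECC_ECR0] = val;
 DPRINTF("Write event count 1 %08x\n", val);
 break;
 case ECC_ECR1:
-s->regs[7] = val;
+s->regs[ECC_ECR0] = val;
 DPRINTF("Write event count 2 %08x\n", val);
 break;
 }
@@ -167,41 +167,41 @@ static uint32_t ecc_mem_readl(void *opaque, target_phys_addr_t addr)
 ECCState *s = opaque;
 uint32_t ret = 0;
 
-switch (addr & ECC_ADDR_MASK) {
+switch ((addr & ECC_ADDR_MASK) >> 2) {
 case ECC_MER:
-ret = s->regs[0];
+ret = s->regs[ECC_MER];
 DPRINTF("Read memory enable %08x\n", ret);
 break;
 case ECC_MDR:
-ret = s->regs[1];
+ret = s->regs[ECC_MDR];
 DPRINTF("Read memory delay %08x\n", ret);
 break;
 case ECC_MFSR:
-ret = s->regs[2];
+ret = s->regs[ECC_MFSR];
 DPRINTF("Read memory fault status %08x\n", ret);
 break;
 case ECC_VCR:
-ret = s->regs[3];
+ret = s->regs[ECC_VCR];
 DPRINTF("Read slot configuration %08x\n", ret);
 break;
 case ECC_MFAR0:
-ret = s->regs[4];
+ret = s->regs[ECC_MFAR0];
 DPRINTF("Read memory fault address 0 %08x\n", ret);
 break;
 case ECC_MFAR1:
-ret = s->regs[5];
+ret = s->regs[ECC_MFAR1];
 DPRINTF("Read memory fault address 1 %08x\n", ret);
 break;
 case ECC_DR:
-ret = s->regs[6];
+ret = s->regs[ECC_DR];
 DPRINTF("Read diagnostic %08x\n", ret);
 break;
 case ECC_ECR0:
-ret = s->regs[7];
+ret = s->regs[ECC_ECR0];
 DPRINTF("Read event count 1 %08x\n", ret);
 break;
 case ECC_ECR1:
-ret = s->regs[7];
+ret = s->regs[ECC_ECR0];
 DPRINTF("Read event count 2 %08x\n", ret);
 break;
 }
@@ -281,7 +281,6 @@ static void ecc_save(QEMUFile *f, void *opaque)
 static void ecc_reset(void *opaque)
 {
 ECCState *s = opaque;
-int i;
 
 s->regs[ECC_MER] &= (ECC_MER_VER | ECC_MER_IMPL);
 s->regs[ECC_MER] |= ECC_MER_MRR;
@@ -293,9 +292,6 @@ static void ecc_reset(void *opaque)
 s->regs[ECC_DR] = 0;
 s->regs[ECC_ECR0] = 0;
 s->regs[ECC_ECR1] = 0;
-
-for (i = 1; i < ECC_NREGS; i++)
-s->regs[i] = 0;
 }
 
 void * ecc_init(target_phys_addr_t base, qemu_irq irq, uint32_t version)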
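Review bot: The `case ECC_ECR1:` arms on the new side still index `ECC_ECR0` (new line 159 in ecc_mem_writel and new line 204 in ecc_mem_readl), so a guest write to Event Count Register 1 silently overwrites ECR0 and a read of ECR1 returns ECR0's value; the old `regs[7]` aliasing was carried over when the numeric indexes were replaced by names. The new index table gives ECR1 its own slot (8) and ecc_reset zeroes `s->regs[ECC_ECR1]` separately, so the two arms should read `s->regs[ECC_ECR1] = val;` and `ret = s->regs[ECC_ECR1];`. Both ecc_mem_writel and ecc_mem_readl begin in their hunk headers and continue past the hunks shown, so any additional accesses outside these hunks are not visible here. The dropped reset loop is fine only if every index between ECC_MDR and ECC_MFAR1 is still zeroed explicitly in the unshown lines 287-291 of ecc_reset; worth confirming, since the loop used to guarantee that.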