Commit f3d8b1eb105199a1d6bf063a8a574e782689909a
1 parent
563e3c6e
array overflow in hw/stellaris.c and hw/omap_dss.c
(Jindrich Makovicka) git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5064 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
2 changed files
with
4 additions
and
3 deletions
hw/omap_dss.c
| @@ -53,7 +53,7 @@ struct omap_dss_s { | @@ -53,7 +53,7 @@ struct omap_dss_s { | ||
| 53 | uint32_t control; | 53 | uint32_t control; |
| 54 | uint32_t config; | 54 | uint32_t config; |
| 55 | uint32_t capable; | 55 | uint32_t capable; |
| 56 | - uint32_t timing[3]; | 56 | + uint32_t timing[4]; |
| 57 | int line; | 57 | int line; |
| 58 | uint32_t bg[2]; | 58 | uint32_t bg[2]; |
| 59 | uint32_t trans[2]; | 59 | uint32_t trans[2]; |
| @@ -148,6 +148,7 @@ void omap_dss_reset(struct omap_dss_s *s) | @@ -148,6 +148,7 @@ void omap_dss_reset(struct omap_dss_s *s) | ||
| 148 | s->dispc.timing[0] = 0; | 148 | s->dispc.timing[0] = 0; |
| 149 | s->dispc.timing[1] = 0; | 149 | s->dispc.timing[1] = 0; |
| 150 | s->dispc.timing[2] = 0; | 150 | s->dispc.timing[2] = 0; |
| 151 | + s->dispc.timing[3] = 0; | ||
| 151 | s->dispc.line = 0; | 152 | s->dispc.line = 0; |
| 152 | s->dispc.bg[0] = 0; | 153 | s->dispc.bg[0] = 0; |
| 153 | s->dispc.bg[1] = 0; | 154 | s->dispc.bg[1] = 0; |
hw/stellaris.c
| @@ -1308,8 +1308,8 @@ static void stellaris_init(const char *kernel_filename, const char *cpu_model, | @@ -1308,8 +1308,8 @@ static void stellaris_init(const char *kernel_filename, const char *cpu_model, | ||
| 1308 | static const int gpio_irq[7] = {0, 1, 2, 3, 4, 30, 31}; | 1308 | static const int gpio_irq[7] = {0, 1, 2, 3, 4, 30, 31}; |
| 1309 | 1309 | ||
| 1310 | qemu_irq *pic; | 1310 | qemu_irq *pic; |
| 1311 | - qemu_irq *gpio_in[5]; | ||
| 1312 | - qemu_irq *gpio_out[5]; | 1311 | + qemu_irq *gpio_in[7]; |
| 1312 | + qemu_irq *gpio_out[7]; | ||
| 1313 | qemu_irq adc; | 1313 | qemu_irq adc; |
| 1314 | int sram_size; | 1314 | int sram_size; |
| 1315 | int flash_size; | 1315 | int flash_size; |