xemu-project/xemu
1
0
Fork 0
mirror of https://github.com/xemu-project/xemu.git synced 2025-02-15 01:29:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

hpet: Catch out-of-bounds timer access

Browse Source 
Also prevent out-of-bounds write access to the timers but don't spam the
host console if it triggers.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This commit is contained in:
Jan Kiszka 2010-06-13 14:15:34 +02:00 committed by Blue Swirl
parent c3d96978d0
commit 6982d6647e
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
hw/hpet.c
View File

@ -294,7 +294,7 @@ static uint32_t hpet_ram_readl(void *opaque, target_phys_addr_t addr)
if (index >= 0x100 && index <= 0x3ff) { if (index >= 0x100 && index <= 0x3ff) {
uint8_t timer_id = (addr - 0x100) / 0x20; uint8_t timer_id = (addr - 0x100) / 0x20;
if (timer_id > HPET_NUM_TIMERS - 1) { if (timer_id > HPET_NUM_TIMERS - 1) {
printf("qemu: timer id out of range\n"); DPRINTF("qemu: timer id out of range\n");
return 0; return 0;
} }
HPETTimer *timer = &s->timer[timer_id]; HPETTimer *timer = &s->timer[timer_id];
@ -383,6 +383,10 @@ static void hpet_ram_writel(void *opaque, target_phys_addr_t addr,
DPRINTF("qemu: hpet_ram_writel timer_id = %#x \n", timer_id); DPRINTF("qemu: hpet_ram_writel timer_id = %#x \n", timer_id);
HPETTimer *timer = &s->timer[timer_id]; HPETTimer *timer = &s->timer[timer_id];
if (timer_id > HPET_NUM_TIMERS - 1) {
DPRINTF("qemu: timer id out of range\n");
return;
}
switch ((addr - 0x100) % 0x20) { switch ((addr - 0x100) % 0x20) {
case HPET_TN_CFG: case HPET_TN_CFG:
DPRINTF("qemu: hpet_ram_writel HPET_TN_CFG\n"); DPRINTF("qemu: hpet_ram_writel HPET_TN_CFG\n");