Clang's static analyzer drew my attention to the mishandling of the register pointer in ds1338_send(); one thing led to another and I fixed a few other things while I was there.
There seems a reasonable chance that the overrun of nvram[] is guest-exploitable, but I assume nobody treats realview or versatilepb models as a security boundary... Peter Maydell (4): hw/ds1338: Fix mishandling of register pointer hw/ds1338: Recapture current time when register pointer wraps around hw/ds1338: Remove 'now' field from state struct hw/ds1338: Implement state save/restore hw/ds1338.c | 123 +++++++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 86 insertions(+), 37 deletions(-) -- 1.7.9.5
