On 07/05/14 20:56, Paolo Bonzini wrote:
On 05/03/2014 11:05, Paolo Bonzini wrote:
On 19/02/2014 10:05, Mark Cave-Ayland wrote:
+#define CG3_REG_SIZE 0x20
+
+#define CG3_REG_FBC_CTRL 0x10
+#define CG3_REG_FBC_STATUS 0x11
+#define CG3_REG_FBC_CURSTART 0x12
+#define CG3_REG_FBC_CUREND 0x13
+#define CG3_REG_FBC_VCTRL 0x14
+
+typedef struct CG3State {
...
+ uint8_t regs[16];
...
+ case CG3_REG_FBC_CURSTART ... CG3_REG_SIZE:
+ val = s->regs[addr - 0x10];
+ break;
+ default:
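Review bot: the upper bound of the range in `case CG3_REG_FBC_CURSTART ... CG3_REG_SIZE:` is one too high. Case ranges include both endpoints, so addr == 0x20 is accepted and `s->regs[addr - 0x10]` becomes regs[16], one element past the end of `uint8_t regs[16]`. Ending the range at `CG3_REG_SIZE - 1` keeps the largest index at 15. It would also help to replace the literals 0x10 and 16 with names derived from the register defines, so that the array length and the case bounds cannot drift apart.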
Something weird here, you can access regs[16] if addr == CG3_REG_SIZE.
The same happens in the write path.
Ping. I cannot fix it without access to the datasheet, though I suspect
you want CG3_REG_SIZE - 1.
Hi Paolo,
Sorry I didn't think you could access regs[16] since the MemoryRegion
size is set to CG3_REG_SIZE too (and so I hope should only handle
accesses from 0 to CG3_REG_SIZE - 1).
Anyway, I've quickly tried a Solaris 8 boot test replacing CG3_REG_SIZE
with CG3_REG_SIZE - 1 for the case statements in both the read and write
paths and everything still works, so happy for you to go ahead and fix it.
ATB,
Mark.
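
The off-by-one discussed in this thread, as an added example that is not part of the original messages or of the QEMU patch. `DemoState`, `CG3_REGS_BASE`, `CG3_NUM_REGS`, `index_as_posted` and `read_fixed` are hypothetical names; only the two `CG3_REG_*` values and the 16-byte array come from the quoted hunk.

```c
#include <stdint.h>
#include <stdio.h>

/* Values taken from the quoted patch. */
#define CG3_REG_SIZE         0x20
#define CG3_REG_FBC_CURSTART 0x12
#define CG3_REGS_BASE        0x10  /* hypothetical name for the literal 0x10 */
#define CG3_NUM_REGS         16    /* hypothetical name for the regs[16] length */

/* Constructed stand-in for CG3State; only the register array is modelled. */
typedef struct { uint8_t regs[CG3_NUM_REGS]; } DemoState;

/* Index the posted read path computes for addr, or -1 when addr reaches
 * default. GNU case ranges include both endpoints. Nothing is dereferenced. */
int index_as_posted(uint32_t addr)
{
    switch (addr) {
    case CG3_REG_FBC_CURSTART ... CG3_REG_SIZE:
        return (int)(addr - CG3_REGS_BASE);
    default:
        return -1;
    }
}

/* Read with the bound suggested in the thread (CG3_REG_SIZE - 1). */
int read_fixed(const DemoState *s, uint32_t addr, uint8_t *val)
{
    switch (addr) {
    case CG3_REG_FBC_CURSTART ... CG3_REG_SIZE - 1:
        *val = s->regs[addr - CG3_REGS_BASE];
        return 0;
    default:
        return -1;  /* outside the register window */
    }
}

/* Compile-time guard: the last accepted offset must index inside regs[]. */
_Static_assert(CG3_REG_SIZE - 1 - CG3_REGS_BASE < CG3_NUM_REGS,
               "case range must stay inside regs[]");

int main(void)
{
    DemoState s = {{0}};
    uint8_t v = 0;
    printf("as posted: addr 0x20 -> index %d (array length %d)\n",
           index_as_posted(CG3_REG_SIZE), CG3_NUM_REGS);
    printf("fixed: addr 0x20 -> %d\n", read_fixed(&s, CG3_REG_SIZE, &v));
    return 0;
}
```

Case ranges are a GNU C extension, so this builds with GCC or Clang in their default modes.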