From: Prasad J Pandit <p...@fedoraproject.org>
The Cadence UART device emulator calculates speed by dividing the
baud rate by a divider. If this divider was to be zero or if baud
rate was to be lesser than the divider, it could lead to a divide
by zero error. Add check to avoid it.
Reported-by: Huawei PSIRT <ps...@huawei.com>
Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
---
hw/char/cadence_uart.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index e3bc52f..b18dd7f 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -170,6 +170,10 @@ static void uart_parameters_setup(CadenceUARTState *s)
baud_rate = (s->r[R_MR] & UART_MR_CLKS) ?
UART_INPUT_CLK / 8 : UART_INPUT_CLK;
+ if (!s->r[R_BRGR] || !(s->r[R_BDIV] + 1)
+ || baud_rate < (s->r[R_BRGR] * (s->r[R_BDIV] + 1))) {
+ return;
+ }
ssp.speed = baud_rate / (s->r[R_BRGR] * (s->r[R_BDIV] + 1));
packet_size = 1;
--
2.7.4
