Re: [Qemu-devel] [PATCH] cadence_uart: bounds check write offset

2016-04-19 Thread Peter Maydell
On 18 April 2016 at 21:50, Alistair Francis wrote:
> On Mon, Apr 18, 2016 at 3:10 AM, Peter Maydell wrote:
>> CCing the maintainers for this device...
>>
>> On 18 April 2016 at 11:07, Michael S. Tsirkin wrote:
>>> cadence_uart_init() initializes an I/O memory region of size 0x1000
>>> bytes.

Re: [Qemu-devel] [PATCH] cadence_uart: bounds check write offset

2016-04-18 Thread Alistair Francis
On Mon, Apr 18, 2016 at 3:10 AM, Peter Maydell wrote:
> CCing the maintainers for this device...
>
> On 18 April 2016 at 11:07, Michael S. Tsirkin wrote:
>> cadence_uart_init() initializes an I/O memory region of size 0x1000
>> bytes. However in uart_write(), the 'offset' parameter (offset withi

Re: [Qemu-devel] [PATCH] cadence_uart: bounds check write offset

2016-04-18 Thread Peter Maydell
CCing the maintainers for this device...

On 18 April 2016 at 11:07, Michael S. Tsirkin wrote:
> cadence_uart_init() initializes an I/O memory region of size 0x1000
> bytes. However in uart_write(), the 'offset' parameter (offset within
> region) is divided by 4 and then used to index the array '

[Qemu-devel] [PATCH] cadence_uart: bounds check write offset

2016-04-18 Thread Michael S. Tsirkin
cadence_uart_init() initializes an I/O memory region of size 0x1000 bytes. However in uart_write(), the 'offset' parameter (offset within region) is divided by 4 and then used to index the array 'r' of size CADENCE_UART_R_MAX which is much smaller: (0x48/4). If 'offset>>=2' exceeds CADENCE_UART_R
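The indexing problem described in the report, as an added C model that is not QEMU's code and not part of this thread. It uses only the numbers the report gives (a 0x1000-byte region, a register array of 0x48/4 entries) and shows the pre-patch handler shape beside one with the bounds check. The names uart_state, uart_write_unchecked, uart_write_checked, uart_write_is_oob and uart_count_rejected_offsets are hypothetical, the hwaddr typedef stands in for QEMU's type, and the "neighbour" word after the array is modelled inside one flat array so the overflow stays well-defined here; in the real device the write would land in whatever heap memory follows the register array.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes taken from the bug report: a 0x1000-byte MMIO region and a
 * register array of 0x48/4 = 18 entries. */
#define UART_MMIO_SIZE      0x1000u
#define CADENCE_UART_R_MAX  (0x48u / 4u)

typedef uint64_t hwaddr;   /* stand-in for QEMU's guest address type (assumption) */

/* Hypothetical device state. mem[0..17] is the register file r[]; mem[18]
 * models whatever follows r[] in memory, kept in one flat array so the
 * overflow is well-defined in this demo. */
typedef struct {
    uint32_t mem[CADENCE_UART_R_MAX + 1];
} uart_state;

#define UART_R(s, i)        ((s)->mem[(i)])
#define UART_NEIGHBOUR(s)   ((s)->mem[CADENCE_UART_R_MAX])

/* True when a write at this region offset would index past r[] once the
 * offset is divided by 4: the condition the patch has to reject. */
static bool uart_write_is_oob(hwaddr offset)
{
    return (offset >> 2) >= CADENCE_UART_R_MAX;
}

/* Pre-patch shape of the handler: divide and index, no bounds check.
 * This model only accepts offsets up to 0x48 so it stays inside mem[];
 * offset 0x48 is enough to show the first out-of-bounds word being hit. */
static int uart_write_unchecked(uart_state *s, hwaddr offset, uint32_t value)
{
    offset >>= 2;
    if (offset > CADENCE_UART_R_MAX) {
        return -2;   /* beyond what this model can demonstrate safely */
    }
    s->mem[offset] = value;   /* offset == CADENCE_UART_R_MAX clobbers the neighbour */
    return 0;
}

/* Post-patch shape: same division, but the index is checked against the
 * array size before use. Returns 0 on success, -1 if the write is dropped. */
static int uart_write_checked(uart_state *s, hwaddr offset, uint32_t value)
{
    if (offset >= UART_MMIO_SIZE) {
        return -1;   /* outside the region; the memory API never delivers this */
    }
    offset >>= 2;
    if (offset >= CADENCE_UART_R_MAX) {
        return -1;   /* reserved offset inside the region: ignore the write */
    }
    s->mem[offset] = value;
    return 0;
}

/* How many 4-byte-aligned offsets in the region the checked handler drops:
 * 0x1000/4 - 18 = 1006 of the 1024 word slots. */
static unsigned uart_count_rejected_offsets(void)
{
    unsigned n = 0;
    for (hwaddr off = 0; off < UART_MMIO_SIZE; off += 4) {
        if (uart_write_is_oob(off)) {
            n++;
        }
    }
    return n;
}

int main(void)
{
    uart_state before, after;
    memset(&before, 0, sizeof before);
    memset(&after, 0, sizeof after);

    /* A guest store to offset 0x48, the first word past the register file. */
    uart_write_unchecked(&before, 0x48, 0xdeadbeefu);
    uart_write_checked(&after, 0x48, 0xdeadbeefu);

    printf("unchecked: neighbour = 0x%08x\n", UART_NEIGHBOUR(&before));
    printf("checked:   neighbour = 0x%08x\n", UART_NEIGHBOUR(&after));
    printf("%u of %u word offsets in the region are rejected\n",
           uart_count_rejected_offsets(), UART_MMIO_SIZE / 4);
    return 0;
}
```

The check goes after the shift, against the array length rather than the region size: the memory API already guarantees offset < 0x1000, so a region-size check alone would pass every one of the 1006 word offsets that have no backing register.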