On Fri, May 9, 2014 at 4:46 AM, Peter Maydell <[email protected]> wrote: > In fill_prefetch_fifo(), if the device we are reading from is 16 bit, > then we must not try to transfer an odd number of bytes into the FIFO. > This could otherwise have resulted in our overrunning the prefetch.fifo > array by one byte. > > Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Peter Crosthwaite <[email protected]> > --- > Spotted by Coverity. I suspect Coverity is not smart enough > to figure out that this change really does prevent the overrun, > though :-( > --- > hw/misc/omap_gpmc.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c > index 2047274..cddea24 100644 > --- a/hw/misc/omap_gpmc.c > +++ b/hw/misc/omap_gpmc.c > @@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s) > if (bytes > s->prefetch.count) { > bytes = s->prefetch.count; > } > + if (is16bit) { > + bytes &= ~1; > + } > + > s->prefetch.count -= bytes; > s->prefetch.fifopointer += bytes; > fptr = 64 - s->prefetch.fifopointer; > -- > 1.9.2 > >
