On 10/10/2017 08:54 AM, Peter Maydell wrote: > This calculation of the first exception vector in > the ITNS<n> register being accessed: > int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ; > > is incorrect, because offset is in bytes, so we only want > to multiply by 8. > > Spotted by Coverity (CID 1381484, CID 1381488), though it is > not correct that it actually overflows the buffer, because > we have a 'startvec + i < s->num_irq' guard. > > Signed-off-by: Peter Maydell <[email protected]> > --- > Oops. I guess this is what Coverity is there to catch :-) > > hw/intc/armv7m_nvic.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson <[email protected]> r~
