Check s->rx_fifo before pushing data into it.
Fixes: 58ac482a66de ("introduce xlnx-dp")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1419
Reported-by: Qiang Liu <cyruscy...@gmail.com>
Signed-off-by: Qiang Liu <cyruscy...@gmail.com>
---
 hw/display/xlnx_dp.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
index 322e2faadd..972473d94f 100644
--- a/hw/display/xlnx_dp.c
+++ b/hw/display/xlnx_dp.c
@@ -508,6 +508,10 @@ static void xlnx_dp_aux_set_command(XlnxDPState *s, uint32_t value)
 case READ_AUX:
 case READ_I2C:
 case READ_I2C_MOT:
+ if (nbytes > fifo8_num_free(&s->rx_fifo)) {
+ qemu_log_mask(LOG_GUEST_ERROR, "xlnx_dp: RX length > available fifo data length");
+ nbytes = fifo8_num_free(&s->rx_fifo);
+ }
 s->core_registers[DP_AUX_REPLY_CODE] = aux_request(s->aux_bus, cmd, xlnx_dp_aux_get_address(s), nbytes, buf);
-- 
2.25.1
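Review bot: The string passed to qemu_log_mask() in the added block has no trailing `\n` and names the wrong quantity: the guard compares `nbytes` with `fifo8_num_free(&s->rx_fifo)`, which is the free space in the FIFO, not "available fifo data". A message such as `"xlnx_dp: AUX read length exceeds free space in RX FIFO\n"` would keep the guest-error log line-delimited and describe the condition that was actually hit. The clamp also shortens the length handed to aux_request() with no explanation at the site, so a comment above the `if` like `/* Guest-controlled length: clamp so the later RX FIFO push cannot overrun. */` would record why it is there. The push itself and the rest of xlnx_dp_aux_set_command lie outside the hunk, so whether a silently truncated read matches what the guest is later told about the reply length cannot be confirmed from here.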