From eeae2e7b52255dae0976a027b6e11274990c708d Mon Sep 17 00:00:00 2001 From: Liu Yu-B13201 Date: Thu, 29 Sep 2011 17:52:50 +0000 Subject: [PATCH] ppc/e500_pci: Fix an array overflow issue When access PPCE500_PCI_IW1 the previous index get overflow. The patch fix the issue and update all to keep consistent style. Signed-off-by: Liu Yu Signed-off-by: Alexander Graf --- hw/ppce500_pci.c | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/hw/ppce500_pci.c b/hw/ppce500_pci.c index 0ece422446..960a5d0c60 100644 --- a/hw/ppce500_pci.c +++ b/hw/ppce500_pci.c @@ -89,6 +89,7 @@ static uint32_t pci_reg_read4(void *opaque, target_phys_addr_t addr) PPCE500PCIState *pci = opaque; unsigned long win; uint32_t value = 0; + int idx; win = addr & 0xfe0; @@ -97,18 +98,19 @@ static uint32_t pci_reg_read4(void *opaque, target_phys_addr_t addr) case PPCE500_PCI_OW2: case PPCE500_PCI_OW3: case PPCE500_PCI_OW4: + idx = (addr >> 5) & 0x7; switch (addr & 0xC) { case PCI_POTAR: - value = pci->pob[(addr >> 5) & 0x7].potar; + value = pci->pob[idx].potar; break; case PCI_POTEAR: - value = pci->pob[(addr >> 5) & 0x7].potear; + value = pci->pob[idx].potear; break; case PCI_POWBAR: - value = pci->pob[(addr >> 5) & 0x7].powbar; + value = pci->pob[idx].powbar; break; case PCI_POWAR: - value = pci->pob[(addr >> 5) & 0x7].powar; + value = pci->pob[idx].powar; break; default: break; @@ -118,18 +120,19 @@ static uint32_t pci_reg_read4(void *opaque, target_phys_addr_t addr) case PPCE500_PCI_IW3: case PPCE500_PCI_IW2: case PPCE500_PCI_IW1: + idx = ((addr >> 5) & 0x3) - 1; switch (addr & 0xC) { case PCI_PITAR: - value = pci->pib[(addr >> 5) & 0x3].pitar; + value = pci->pib[idx].pitar; break; case PCI_PIWBAR: - value = pci->pib[(addr >> 5) & 0x3].piwbar; + value = pci->pib[idx].piwbar; break; case PCI_PIWBEAR: - value = pci->pib[(addr >> 5) & 0x3].piwbear; + value = pci->pib[idx].piwbear; break; case PCI_PIWAR: - value = pci->pib[(addr >> 5) & 0x3].piwar; + value = pci->pib[idx].piwar; break; default: break; @@ -160,6 +163,7 @@ static void pci_reg_write4(void *opaque, target_phys_addr_t addr, { PPCE500PCIState *pci = opaque; unsigned long win; + int idx; win = addr & 0xfe0; @@ -171,18 +175,19 @@ static void pci_reg_write4(void *opaque, target_phys_addr_t addr, case PPCE500_PCI_OW2: case PPCE500_PCI_OW3: case PPCE500_PCI_OW4: + idx = (addr >> 5) & 0x7; switch (addr & 0xC) { case PCI_POTAR: - pci->pob[(addr >> 5) & 0x7].potar = value; + pci->pob[idx].potar = value; break; case PCI_POTEAR: - pci->pob[(addr >> 5) & 0x7].potear = value; + pci->pob[idx].potear = value; break; case PCI_POWBAR: - pci->pob[(addr >> 5) & 0x7].powbar = value; + pci->pob[idx].powbar = value; break; case PCI_POWAR: - pci->pob[(addr >> 5) & 0x7].powar = value; + pci->pob[idx].powar = value; break; default: break; @@ -192,18 +197,19 @@ static void pci_reg_write4(void *opaque, target_phys_addr_t addr, case PPCE500_PCI_IW3: case PPCE500_PCI_IW2: case PPCE500_PCI_IW1: + idx = ((addr >> 5) & 0x3) - 1; switch (addr & 0xC) { case PCI_PITAR: - pci->pib[(addr >> 5) & 0x3].pitar = value; + pci->pib[idx].pitar = value; break; case PCI_PIWBAR: - pci->pib[(addr >> 5) & 0x3].piwbar = value; + pci->pib[idx].piwbar = value; break; case PCI_PIWBEAR: - pci->pib[(addr >> 5) & 0x3].piwbear = value; + pci->pib[idx].piwbear = value; break; case PCI_PIWAR: - pci->pib[(addr >> 5) & 0x3].piwar = value; + pci->pib[idx].piwar = value; break; default: break; -- 2.34.1