| commit | cf5f7937b05c84d5565134f058c00cd48304a117 | |
| author | Peter Maydell <peter.maydell@linaro.org> | |
| Tue, 10 Oct 2017 15:54:16 +0000 (10 16:54 +0100) | ||
| committer | Peter Maydell <peter.maydell@linaro.org> | |
| Thu, 12 Oct 2017 15:33:16 +0000 (12 16:33 +0100) | ||
| tree | 74f97fd1d01bc8f8b372387bd98d08a7ad12c7df | treesnapshot (tar.gz zip) |
| parent | a94bb9cd586c50d13b68e5fa4628cc36e29805c4 | commitdiff |
nvic: Fix miscalculation of offsets into ITNS array
This calculation of the first exception vector in
the ITNS<n> register being accessed:
int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ;
is incorrect, because offset is in bytes, so we only want
to multiply by 8.
Spotted by Coverity (CID 1381484, CID 1381488), though it is
not correct that it actually overflows the buffer, because
we have a 'startvec + i < s->num_irq' guard.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1507650856-11718-1-git-send-email-peter.maydell@linaro.org
This calculation of the first exception vector in
the ITNS<n> register being accessed:
int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ;
is incorrect, because offset is in bytes, so we only want
to multiply by 8.
Spotted by Coverity (CID 1381484, CID 1381488), though it is
not correct that it actually overflows the buffer, because
we have a 'startvec + i < s->num_irq' guard.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1507650856-11718-1-git-send-email-peter.maydell@linaro.org
| hw/intc/armv7m_nvic.c | diffblobblamehistory |