From: Peter Maydell Date: Tue, 13 May 2014 15:09:39 +0000 (+0100) Subject: hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=89f26e6b7b5e5c9657f2abd6ef5a336bea11add2;p=qemu.git hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO In fill_prefetch_fifo(), if the device we are reading from is 16 bit, then we must not try to transfer an odd number of bytes into the FIFO. This could otherwise have resulted in our overrunning the prefetch.fifo array by one byte. Signed-off-by: Peter Maydell Reviewed-by: Peter Crosthwaite --- diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c index 2047274123..cddea241d4 100644 --- a/hw/misc/omap_gpmc.c +++ b/hw/misc/omap_gpmc.c @@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s) if (bytes > s->prefetch.count) { bytes = s->prefetch.count; } + if (is16bit) { + bytes &= ~1; + } + s->prefetch.count -= bytes; s->prefetch.fifopointer += bytes; fptr = 64 - s->prefetch.fifopointer;
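Review bot: at "bytes &= ~1;" in fill_prefetch_fifo(), an odd s->prefetch.count on a 16-bit device leaves a residual byte that this path can never transfer. Once the clamp above sets bytes to a count of 1, the mask rounds it down to 0, so "s->prefetch.count -= bytes" leaves count at 1 and fifopointer unchanged. It is worth confirming that the code following this hunk, and whatever checks for count reaching zero, behaves sensibly with bytes == 0 and a count that stays nonzero (for example by treating an odd count with a 16-bit device as a guest error and rounding count itself down). The new block also has no comment. A one-line note above the "if (is16bit)" saying that 16-bit devices are transferred two bytes at a time, so an odd byte count would write one byte past prefetch.fifo, would keep the reason for the mask next to the code rather than only in the commit message.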