[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 03/32] lm832x: don't overrun file buffer on save/restore

Saving and restoring an lm832x record would overrun the pwm.file array
since pwm.file is uint16_t elements and sizeof(pwm.file) twice as many
elements.

To ensure compatibility, padding bytes are added to the record.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Coverity-IDs: 1055728 1055729
---
 hw/lm832x.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/lm832x.c b/hw/lm832x.c
index dd94310..a212866 100644
--- a/hw/lm832x.c
+++ b/hw/lm832x.c
@@ -439,8 +439,11 @@ static void lm_kbd_save(QEMUFile *f, void *opaque)
     qemu_put_byte(f, s->kbd.len);
     qemu_put_buffer(f, s->kbd.fifo, sizeof(s->kbd.fifo));
 
-    for (i = 0; i < sizeof(s->pwm.file); i ++)
+    for (i = 0; i < ARRAY_SIZE(s->pwm.file); i ++)
         qemu_put_be16s(f, &s->pwm.file[i]);
+    /* Padding for compatibility with older records. */
+    for ( ; i < sizeof(s->pwm.file); i++)
+        qemu_put_be16s(f, 0);
     qemu_put_8s(f, &s->pwm.faddr);
     qemu_put_buffer(f, s->pwm.addr, sizeof(s->pwm.addr));
     qemu_put_timer(f, s->pwm.tm[0]);
@@ -451,6 +454,7 @@ static void lm_kbd_save(QEMUFile *f, void *opaque)
 static int lm_kbd_load(QEMUFile *f, void *opaque, int version_id)
 {
     struct lm_kbd_s *s = (struct lm_kbd_s *) opaque;
+    uint16_t pad;
     int i;
 
     i2c_slave_load(f, &s->i2c);
@@ -475,8 +479,11 @@ static int lm_kbd_load(QEMUFile *f, void *opaque, int 
version_id)
     s->kbd.len = qemu_get_byte(f);
     qemu_get_buffer(f, s->kbd.fifo, sizeof(s->kbd.fifo));
 
-    for (i = 0; i < sizeof(s->pwm.file); i ++)
+    for (i = 0; i < ARRAY_SIZE(s->pwm.file); i ++)
         qemu_get_be16s(f, &s->pwm.file[i]);
+    /* Skip padding. */
+    for ( ; i < sizeof(s->pwm.file); i++)
+        qemu_get_be16(f);
     qemu_get_8s(f, &s->pwm.faddr);
     qemu_get_buffer(f, s->pwm.addr, sizeof(s->pwm.addr));
     qemu_get_timer(f, s->pwm.tm[0]);
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.