summary refs log tree commit diff stats
path: root/hw/arm/pxa2xx.c
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2014-05-07 14:51:21 +0100
committerPeter Maydell <peter.maydell@linaro.org>2014-05-07 14:51:21 +0100
commitc9541f67df48b2c01c4a3d0d7b719b51c6ac9f38 (patch)
treef8ad04d1c144321bc43dcee27f0cf29c8c8f837f /hw/arm/pxa2xx.c
parent7f8fea8b3d31ca396eb3c88bf97b543a86773774 (diff)
parent8bc3923343e91902ca541112b3bdb5448f8d288e (diff)
downloadfocaccia-qemu-c9541f67df48b2c01c4a3d0d7b719b51c6ac9f38.tar.gz
focaccia-qemu-c9541f67df48b2c01c4a3d0d7b719b51c6ac9f38.zip
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140505' into staging
migration/next for 20140505

# gpg: Signature made Mon 05 May 2014 21:27:24 BST using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20140505: (36 commits)
  migration: expose xbzrle cache miss rate
  migration: expose the bitmap_sync_count to the end
  migration: Add counts of updating the dirty bitmap
  XBZRLE: Fix one XBZRLE corruption issues
  migration: remove duplicate code
  Coverity: Fix failure path for qemu_accept in migration
  Init the XBZRLE.lock in ram_mig_init
  Provide init function for ram migration
  Count used RAMBlock pages for migration_dirty_pages
  Make qemu_peek_buffer loop until it gets it's data
  Disallow outward migration while awaiting incoming migration
  virtio: validate config_len on load
  virtio-net: out-of-bounds buffer write on load
  openpic: avoid buffer overrun on incoming migration
  ssi-sd: fix buffer overrun on invalid state load
  savevm: Ignore minimum_version_id_old if there is no load_state_old
  usb: sanity check setup_index+setup_len in post_load
  vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/
  virtio-scsi: fix buffer overrun on invalid state load
  zaurus: fix buffer overrun on invalid state load
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/arm/pxa2xx.c')
-rw-r--r--hw/arm/pxa2xx.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 04291488e4..e0cd847b95 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -732,7 +732,7 @@ static void pxa2xx_ssp_save(QEMUFile *f, void *opaque)
 static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id)
 {
     PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
-    int i;
+    int i, v;
 
     s->enable = qemu_get_be32(f);
 
@@ -746,7 +746,11 @@ static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id)
     qemu_get_8s(f, &s->ssrsa);
     qemu_get_8s(f, &s->ssacd);
 
-    s->rx_level = qemu_get_byte(f);
+    v = qemu_get_byte(f);
+    if (v < 0 || v > ARRAY_SIZE(s->rx_fifo)) {
+        return -EINVAL;
+    }
+    s->rx_level = v;
     s->rx_start = 0;
     for (i = 0; i < s->rx_level; i ++)
         s->rx_fifo[i] = qemu_get_byte(f);