diff options
| author | Peter Xu <peterx@redhat.com> | 2016-03-11 09:51:46 +0800 |
|---|---|---|
| committer | Gerd Hoffmann <kraxel@redhat.com> | 2016-03-18 13:42:14 +0100 |
| commit | 182b391e797508deba9704cf580325e99260d8c8 (patch) | |
| tree | 355a04390a246c8426118b36f9ee7061df4fa7d3 /hw/usb/hcd-xhci.c | |
| parent | 0ab6d12ffde7e9235a1b9d79437f5bdda5d80cf1 (diff) | |
| download | focaccia-qemu-182b391e797508deba9704cf580325e99260d8c8.tar.gz focaccia-qemu-182b391e797508deba9704cf580325e99260d8c8.zip | |
usb: fix unbounded stack warning for xhci_dma_write_u32s
All the callers for xhci_dma_write_u32s() are using mostly 5 * uint32_t in len. To avoid unbound stack warning for the function, make it statically allocated, and assert when it's not big enough in the future. Signed-off-by: Peter Xu <peterx@redhat.com> Message-id: 1457661106-9569-1-git-send-email-peterx@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/usb/hcd-xhci.c')
| -rw-r--r-- | hw/usb/hcd-xhci.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index 44b6f8c03d..bcde8a2f48 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -698,11 +698,13 @@ static inline void xhci_dma_write_u32s(XHCIState *xhci, dma_addr_t addr, uint32_t *buf, size_t len) { int i; - uint32_t tmp[len / sizeof(uint32_t)]; + uint32_t tmp[5]; + uint32_t n = len / sizeof(uint32_t); assert((len % sizeof(uint32_t)) == 0); + assert(n <= ARRAY_SIZE(tmp)); - for (i = 0; i < (len / sizeof(uint32_t)); i++) { + for (i = 0; i < n; i++) { tmp[i] = cpu_to_le32(buf[i]); } pci_dma_write(PCI_DEVICE(xhci), addr, tmp, len); |