qemu/hw/misc
Peter Maydell a1019d125e hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE
The documentation of the "Set palette" mailbox property at
https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface#set-palette
says it has the form:

    Length: 24..1032
    Value:
        u32: offset: first palette index to set (0-255)
        u32: length: number of palette entries to set (1-256)
        u32...: RGBA palette values (offset to offset+length-1)

We get this wrong in a couple of ways:
 * we aren't checking the offset and length are in range, so the guest
   can make us spin for a long time by providing a large length
 * the bounds check on our loop is wrong: we should iterate through
   'length' palette entries, not 'length - offset' entries

Fix the loop to implement the bounds checks and get the loop
condition right. In the process, make the variables local to
this switch case, rather than function-global, so it's clearer
what type they are when reading the code.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240723131029.1159908-2-peter.maydell@linaro.org
(cherry picked from commit 0892fffc2a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context fix due to lack of
 v9.0.0-1812-g5d5f1b60916a "hw/misc: Implement mailbox properties for customer OTP and device specific private keys"
 also remove now-unused local `n' variable which gets removed in the next change in this file,
 v9.0.0-2720-g32f1c201eedf "hw/misc/bcm2835_property: Avoid overflow in OTP access properties")
2024-08-28 08:37:28 +03:00
..
macio bulk: Access existing variables initialized to &S->F when available 2024-03-12 11:46:16 +01:00
a9scu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-a10-ccm.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-a10-dramc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-cpucfg.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-h3-ccu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-h3-dramc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-h3-sysctrl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-r40-ccu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-r40-dramc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-sid.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-sramc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
applesmc.c hw/misc/applesmc: Fix memory leak in reset() handler 2024-04-10 09:09:34 +02:00
arm11scu.c
arm_integrator_debug.c
arm_l2x0.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
arm_sysctl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
armsse-cpu-pwrctrl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
armsse-cpuid.c
armsse-mhu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
armv7m_ras.c
aspeed_hace.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
aspeed_i3c.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
aspeed_lpc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
aspeed_peci.c hw/misc/aspeed: Add PECI controller 2022-06-30 09:21:14 +02:00
aspeed_sbc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
aspeed_scu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
aspeed_sdmc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
aspeed_xdma.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
auxbus.c bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx 2023-01-18 11:14:34 +01:00
avr_power.c
axp2xx.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_cprman.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_mbox.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_mphi.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_powermgt.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_property.c hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE 2024-08-28 08:37:28 +03:00
bcm2835_rng.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_thermal.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
cbus.c Drop useless casts from g_malloc() & friends to pointer 2022-10-22 23:15:40 +02:00
debugexit.c
djmemc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
eccmemctl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
edu.c system/cpus: rename qemu_mutex_lock_iothread() to bql_lock() 2024-01-08 10:45:43 -05:00
empty_slot.c
exynos4210_clk.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
exynos4210_pmu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
exynos4210_rng.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
grlib_ahb_apb_pnp.c hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses 2022-08-08 23:43:11 +02:00
i2c-echo.c hw/misc/i2c-echo: add copyright/license note 2023-10-12 14:11:44 +02:00
imx6_ccm.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
imx6_src.c system/cpus: rename qemu_mutex_lock_iothread() to bql_lock() 2024-01-08 10:45:43 -05:00
imx6ul_ccm.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
imx7_ccm.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
imx7_gpr.c
imx7_snvs.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
imx7_src.c system/cpus: rename qemu_mutex_lock_iothread() to bql_lock() 2024-01-08 10:45:43 -05:00
imx25_ccm.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
imx31_ccm.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
imx_ccm.c
imx_rngc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
iosb.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
iotkit-secctl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
iotkit-sysctl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
iotkit-sysinfo.c
ivshmem.c hw/misc/ivshmem: Fix missing ERRP_GUARD() for error_prepend() 2024-03-11 22:10:18 +01:00
Kconfig hw/misc/stm32l4x5_rcc: Implement STM32L4x5_RCC skeleton 2024-03-05 13:22:55 +00:00
lasi.c lasi: Add reset I/O ports for LASI audio and FDC 2024-02-11 13:20:23 +01:00
led.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mac_via.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mchp_pfsoc_dmc.c
mchp_pfsoc_ioscb.c hw/{misc, riscv}: pfsoc: add system controller as unimplemented 2023-01-06 10:42:55 +10:00
mchp_pfsoc_sysreg.c hw/{misc, riscv}: pfsoc: add system controller as unimplemented 2023-01-06 10:42:55 +10:00
meson.build misc/pca955*: Move models under hw/gpio 2024-03-25 15:05:38 +01:00
mips_cmgcr.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mips_cpc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mips_itu.c hw/misc/mips_itu: Remove MIPSITUState::saar field 2024-02-15 15:53:12 +01:00
mos6522.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mps2-fpgaio.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mps2-scc.c hw/misc/mps2-scc: Make changes needed for AN536 FPGA image 2024-02-15 14:32:38 +00:00
msf2-sysreg.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mst_fpga.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
npcm7xx_clk.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
npcm7xx_gcr.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
npcm7xx_mft.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
npcm7xx_pwm.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
npcm7xx_rng.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
nrf51_rng.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
omap_clk.c
omap_gpmc.c hw/arm/omap: Drop useless casts from void * to pointer 2023-01-12 17:15:09 +00:00
omap_l4.c hw/arm/omap: Drop useless casts from void * to pointer 2023-01-12 17:15:09 +00:00
omap_sdrc.c hw/arm/omap: Drop useless casts from void * to pointer 2023-01-12 17:15:09 +00:00
omap_tap.c hw/arm/omap: Drop useless casts from void * to pointer 2023-01-12 17:15:09 +00:00
pc-testdev.c
pci-testdev.c kvm: require KVM_CAP_IOEVENTFD and KVM_CAP_IOEVENTFD_ANY_LENGTH 2023-10-25 17:35:15 +02:00
pvpanic-isa.c acpi: pvpanic-isa: use AcpiDevAmlIfClass:build_dev_aml to provide device's AML 2022-06-09 19:32:49 -04:00
pvpanic-pci.c bulk: Access existing variables initialized to &S->F when available 2024-03-12 11:46:16 +01:00
pvpanic.c hw/misc/pvpanic: Use standard headers instead 2022-03-06 05:08:23 -05:00
sbsa_ec.c hw/misc/sbsa_ec: Declare QOM macros using OBJECT_DECLARE_SIMPLE_TYPE() 2023-01-12 17:15:09 +00:00
sifive_e_aon.c hw/misc: sifive_e_aon: Support the watchdog timer of HiFive 1 rev b. 2023-07-10 22:29:14 +10:00
sifive_e_prci.c
sifive_test.c hw/misc/sifive_test.c: replace exit calls with proper shutdown 2023-10-12 12:34:30 +10:00
sifive_u_otp.c hw/misc/sifive_u_otp: Remove the deprecated OTP config with '-drive if=none' 2023-01-26 13:25:07 +01:00
sifive_u_prci.c
slavio_misc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
stm32f2xx_syscfg.c hw/other: spelling fixes 2023-09-21 11:31:16 +03:00
stm32f4xx_exti.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
stm32f4xx_syscfg.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
stm32l4x5_exti.c hw/misc: Implement STM32L4x5 EXTI 2024-01-15 17:12:22 +00:00
stm32l4x5_rcc.c hw/misc/stm32l4x5_rcc: Propagate period when enabling a clock 2024-03-26 14:24:06 +01:00
stm32l4x5_syscfg.c hw/arm: Connect STM32L4x5 GPIO to STM32L4x5 SoC 2024-03-07 12:19:25 +00:00
trace-events misc/pca955*: Move models under hw/gpio 2024-03-25 15:05:38 +01:00
trace.h
tz-mpc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
tz-msc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
tz-ppc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
unimp.c
virt_ctrl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
vmcoreinfo.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
xlnx-cfi-if.c hw/misc: Introduce the Xilinx CFI interface 2023-09-08 16:41:34 +01:00
xlnx-versal-cframe-reg.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
xlnx-versal-cfu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
xlnx-versal-crl.c hw/misc/xlnx-versal-crl: Build it only once 2024-01-26 11:30:49 +00:00
xlnx-versal-pmc-iou-slcr.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
xlnx-versal-trng.c hw/misc/xlnx-versal-trng: Check returned bool in trng_prop_fault_event_set() 2024-03-12 11:45:33 +01:00
xlnx-versal-xramc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
xlnx-zynqmp-apu-ctrl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
xlnx-zynqmp-crf.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
zynq_slcr.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00