mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0892fffc2a
qemu/hw/misc
History
Peter Maydell 0892fffc2a hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE 
The documentation of the "Set palette" mailbox property at
https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface#set-palette
says it has the form:

    Length: 24..1032
    Value:
        u32: offset: first palette index to set (0-255)
        u32: length: number of palette entries to set (1-256)
        u32...: RGBA palette values (offset to offset+length-1)

We get this wrong in a couple of ways:
 * we aren't checking the offset and length are in range, so the guest
   can make us spin for a long time by providing a large length
 * the bounds check on our loop is wrong: we should iterate through
   'length' palette entries, not 'length - offset' entries

Fix the loop to implement the bounds checks and get the loop
condition right. In the process, make the variables local to
this switch case, rather than function-global, so it's clearer
what type they are when reading the code.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240723131029.1159908-2-peter.maydell@linaro.org
2024-07-29 16:55:59 +01:00
..
macio hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
a9scu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-a10-ccm.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-a10-dramc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-cpucfg.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-h3-ccu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-h3-dramc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-h3-sysctrl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-r40-ccu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-r40-dramc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-sid.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
allwinner-sramc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
applesmc.c hw/misc/applesmc: Simplify DeviceReset handler 2024-04-25 12:48:12 +02:00
arm11scu.c
arm_integrator_debug.c
arm_l2x0.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
arm_sysctl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
armsse-cpu-pwrctrl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
armsse-cpuid.c
armsse-mhu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
armv7m_ras.c
aspeed_hace.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
aspeed_i3c.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
aspeed_lpc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
aspeed_peci.c
aspeed_sbc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
aspeed_scu.c aspeed/scu: Add AST2700 support 2024-06-16 21:08:54 +02:00
aspeed_sdmc.c aspeed/sdmc: Remove extra R_MAIN_STATUS case 2024-07-02 07:52:43 +02:00
aspeed_sli.c aspeed/sli: Add AST2700 support 2024-06-16 21:08:54 +02:00
aspeed_xdma.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
auxbus.c bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx 2023-01-18 11:14:34 +01:00
avr_power.c
axp2xx.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_cprman.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_mbox.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_mphi.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_powermgt.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_property.c hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE 2024-07-29 16:55:59 +01:00
bcm2835_rng.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
bcm2835_thermal.c hw/misc/bcm2835_thermal: Fix access size handling in bcm2835_thermal_ops 2024-07-11 11:41:33 +01:00
cbus.c
debugexit.c hw/misc/debugexit: use runstate API instead of plain exit() 2024-06-04 11:53:43 +02:00
djmemc.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
eccmemctl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
edu.c Remove inclusion of hw/hw.h from files that don't need it 2024-07-02 06:58:48 +02:00
empty_slot.c
exynos4210_clk.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
exynos4210_pmu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
exynos4210_rng.c hw/misc: Set valid access size for Exynos4210 RNG 2024-06-21 16:20:45 +01:00
grlib_ahb_apb_pnp.c
i2c-echo.c hw/misc/i2c-echo: add copyright/license note 2023-10-12 14:11:44 +02:00
imx6_ccm.c hw/misc/imx: Replace sprintf() by snprintf() 2024-04-25 12:48:12 +02:00
imx6_src.c hw/misc/imx: Replace sprintf() by snprintf() 2024-04-25 12:48:12 +02:00
imx6ul_ccm.c hw/misc/imx: Replace sprintf() by snprintf() 2024-04-25 12:48:12 +02:00
imx7_ccm.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
imx7_gpr.c
imx7_snvs.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
imx7_src.c hw/misc/imx: Replace sprintf() by snprintf() 2024-04-25 12:48:12 +02:00
imx25_ccm.c hw/misc/imx: Replace sprintf() by snprintf() 2024-04-25 12:48:12 +02:00
imx31_ccm.c hw/misc/imx: Replace sprintf() by snprintf() 2024-04-25 12:48:12 +02:00
imx_ccm.c
imx_rngc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
iosb.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
iotkit-secctl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
iotkit-sysctl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
iotkit-sysinfo.c
ivshmem.c hw/misc/ivshmem: Fix missing ERRP_GUARD() for error_prepend() 2024-03-11 22:10:18 +01:00
Kconfig hw/misc/stm32l4x5_rcc: Implement STM32L4x5_RCC skeleton 2024-03-05 13:22:55 +00:00
lasi.c lasi: Add reset I/O ports for LASI audio and FDC 2024-02-11 13:20:23 +01:00
led.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mac_via.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
mchp_pfsoc_dmc.c
mchp_pfsoc_ioscb.c
mchp_pfsoc_sysreg.c
meson.build aspeed/sli: Add AST2700 support 2024-06-16 21:08:54 +02:00
mips_cmgcr.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mips_cpc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mips_itu.c hw/misc/mips_itu: Remove MIPSITUState::saar field 2024-02-15 15:53:12 +01:00
mos6522.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
mps2-fpgaio.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mps2-scc.c hw/misc/mps2-scc: Make changes needed for AN536 FPGA image 2024-02-15 14:32:38 +00:00
msf2-sysreg.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
mst_fpga.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
npcm7xx_clk.c hw/misc: Don't special case RESET_TYPE_COLD in npcm7xx_clk, gcr 2024-04-25 10:21:06 +01:00
npcm7xx_gcr.c hw/misc: Don't special case RESET_TYPE_COLD in npcm7xx_clk, gcr 2024-04-25 10:21:06 +01:00
npcm7xx_mft.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
npcm7xx_pwm.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
npcm7xx_rng.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
nrf51_rng.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
omap_clk.c
omap_gpmc.c hw/arm/omap: Drop useless casts from void * to pointer 2023-01-12 17:15:09 +00:00
omap_l4.c hw/arm/omap: Drop useless casts from void * to pointer 2023-01-12 17:15:09 +00:00
omap_sdrc.c hw/arm/omap: Drop useless casts from void * to pointer 2023-01-12 17:15:09 +00:00
omap_tap.c hw/arm/omap: Drop useless casts from void * to pointer 2023-01-12 17:15:09 +00:00
pc-testdev.c
pci-testdev.c kvm: require KVM_CAP_IOEVENTFD and KVM_CAP_IOEVENTFD_ANY_LENGTH 2023-10-25 17:35:15 +02:00
pvpanic-isa.c hw/misc/pvpanic: centralize definition of supported events 2024-07-01 17:16:04 -04:00
pvpanic-pci.c hw/misc/pvpanic: centralize definition of supported events 2024-07-01 17:16:04 -04:00
pvpanic.c hw/misc/pvpanic: add support for normal shutdowns 2024-07-01 17:16:04 -04:00
sbsa_ec.c hw/misc/sbsa_ec: Declare QOM macros using OBJECT_DECLARE_SIMPLE_TYPE() 2023-01-12 17:15:09 +00:00
sifive_e_aon.c hw/misc: sifive_e_aon: Support the watchdog timer of HiFive 1 rev b. 2023-07-10 22:29:14 +10:00
sifive_e_prci.c
sifive_test.c hw/misc/sifive_test.c: replace exit calls with proper shutdown 2023-10-12 12:34:30 +10:00
sifive_u_otp.c hw/misc/sifive_u_otp: Remove the deprecated OTP config with '-drive if=none' 2023-01-26 13:25:07 +01:00
sifive_u_prci.c
slavio_misc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
stm32f2xx_syscfg.c hw/other: spelling fixes 2023-09-21 11:31:16 +03:00
stm32f4xx_exti.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
stm32f4xx_syscfg.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
stm32l4x5_exti.c hw/misc: In STM32L4x5 EXTI, handle direct interrupts 2024-07-11 11:41:34 +01:00
stm32l4x5_rcc.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
stm32l4x5_syscfg.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
trace-events aspeed/scu: Add AST2700 support 2024-06-16 21:08:54 +02:00
trace.h
tz-mpc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
tz-msc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
tz-ppc.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
unimp.c
virt_ctrl.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
vmcoreinfo.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
xlnx-cfi-if.c hw/misc: Introduce the Xilinx CFI interface 2023-09-08 16:41:34 +01:00
xlnx-versal-cframe-reg.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
xlnx-versal-cfu.c hw/misc: Constify VMState 2023-12-30 07:38:06 +11:00
xlnx-versal-crl.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
xlnx-versal-pmc-iou-slcr.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
xlnx-versal-trng.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
xlnx-versal-xramc.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
xlnx-zynqmp-apu-ctrl.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
xlnx-zynqmp-crf.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
zynq_slcr.c hw/misc/zynq_slcr: Add boot-mode property 2024-07-01 15:40:54 +01:00