qemu/hw
Peter Maydell 81b3ddaf87 hw/timer/renesas_tmr: Fix use of uninitialized data in read_tcnt()
The read_tcnt() function calculates the TCNT register values for the
two channels of the timer module; it sets these up in the local
tcnt[] array, and eventually returns either one or both of them,
depending on whether the access is 8 or 16 bits.  However, not all of
the code paths through this function set both elements of this array:
if the guest has programmed the TCCR.CSS register fields to values
which are either documented as not to be used or which QEMU does not
implement, then the function will return uninitialized data.  (This
was spotted by Coverity.)

Add the missing CSS cases to this code, so that we return a
consistent value instead of uninitialized data, and so the code
structure indicates what's happening.

Fixes: CID 1429976
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210219223241.16344-3-peter.maydell@linaro.org
2021-03-10 13:54:51 +00:00
..
9pfs 9pfs: Convert reclaim list to QSLIST 2021-01-22 18:26:40 +01:00
acpi acpi/core: always set SCI_EN when SMM isn't supported 2021-02-23 10:58:42 -05:00
adc clock: Add ClockEvent parameter to callbacks 2021-03-08 17:20:01 +00:00
alpha vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
arm hw/arm: xlnx-zynqmp: Connect a Xilinx CSU DMA module for QSPI 2021-03-10 13:54:51 +00:00
audio audio/via-ac97: Simplify code and set user_creatable to false 2021-01-04 23:24:44 +01:00
avr vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
block hw/block: m25p80: Add various ISSI flash information 2021-03-04 09:43:29 -05:00
char clock: Add ClockEvent parameter to callbacks 2021-03-08 17:20:01 +00:00
core clock: Add ClockPreUpdate callback event type 2021-03-08 17:20:01 +00:00
cpu cpu/core: Register core-id and nr-threads as class properties 2020-09-22 16:48:29 -04:00
cris cris: do not use ram_size global 2020-12-10 12:15:07 -05:00
display hw/display/tcx: Drop unnecessary code for handling BGR format outputs 2021-03-06 13:30:38 +00:00
dma hw/dma: Implement a Xilinx CSU DMA model 2021-03-08 17:20:04 +00:00
gpio hw: gpio: implement gpio-pwr driver for qemu reset/poweroff 2021-01-29 10:47:28 +00:00
hppa hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h' 2021-01-04 23:24:44 +01:00
hyperv qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
i2c hw/i2c/npcm7xx_smbus: Simplify npcm7xx_smbus_init() 2021-03-05 15:17:34 +00:00
i386 x86/pvh: extract only 4 bytes of start address for 32 bit kernels 2021-03-06 11:41:54 +01:00
ide hw/ide/ahci: map cmd_fis as DMA_DIRECTION_TO_DEVICE 2021-02-15 15:10:14 +01:00
input Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
intc KVM: x86: deprecate -M kernel-irqchip=off except for -M isapc 2021-03-06 11:41:54 +01:00
ipack Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ipmi Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
isa acpi/core: always set SCI_EN when SMM isn't supported 2021-02-23 10:58:42 -05:00
lm32 vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
m68k m68k: import bootinfo headers from linux 2021-02-11 21:56:42 +01:00
mem nvdimm: put it into the 'storage' category 2021-02-20 12:36:19 +01:00
microblaze vl: make qemu_get_machine_opts static 2020-12-15 12:51:55 -05:00
mips clock: Add ClockEvent parameter to callbacks 2021-03-08 17:20:01 +00:00
misc hw/misc/mps2-scc: Implement changes for AN547 2021-03-08 17:20:03 +00:00
moxie moxie: do not use ram_size global 2020-12-10 12:15:08 -05:00
net hw/net: Add npcm7xx emc model 2021-03-05 15:17:34 +00:00
nios2 * New -action option and set-action QMP command (Alejandro) 2020-12-15 21:24:31 +00:00
nubus meson: convert hw/nubus 2020-08-21 06:30:25 -04:00
nvram nvram: add nrf51_soc flash read method 2021-02-08 15:15:32 +01:00
openrisc target/openrisc: Move pic_cpu code into CPU object proper 2020-12-15 12:04:30 +00:00
pci hw/pci: Have safer pcie_bus_realize() by checking error path 2021-03-02 09:16:18 -05:00
pci-bridge Kconfig: Compile PXB for ARM_VIRT 2021-01-17 06:42:54 -05:00
pci-host acpi/gpex: Fix cca attribute check for pxb device 2021-02-23 10:06:55 -05:00
pcmcia pxa2xx: Move QOM macros to header 2020-08-27 14:04:55 -04:00
ppc hw/ppc: e500: Fill in correct <clock-frequency> for the serial nodes 2021-02-10 14:50:11 +11:00
rdma Machine queue, 2020-12-23 2021-01-01 22:57:15 +00:00
remote multi-process: perform device reset in the remote process 2021-02-10 09:23:28 +00:00
riscv hw/riscv: virt: Map high mmio for PCIe 2021-03-04 09:43:29 -05:00
rtc goldfish_rtc: re-arm the alarm after migration 2021-03-04 09:43:29 -05:00
rx rx: move BIOS load from MCU to board 2020-12-10 12:15:06 -05:00
s390x virtio-ccw: commands on revision-less devices 2021-03-04 11:23:35 +01:00
scsi scsi: move host_status handling into SCSI drivers 2021-03-06 11:42:57 +01:00
sd Pull request trivial patches 20210220 2021-02-21 12:12:18 +00:00
semihosting semihosting: Implement SYS_ISERROR 2021-01-18 10:05:06 +00:00
sh4 hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h' 2021-01-04 23:24:44 +01:00
smbios i386: do not use ram_size global 2020-12-10 12:15:08 -05:00
sparc sun4m: don't connect two qemu_irqs directly to the same input 2021-01-06 11:41:37 +00:00
sparc64 vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
ssi hw/ssi: xilinx_spips: Remove DMA related dead codes from zynqmp_spips 2021-03-10 13:54:51 +00:00
timer hw/timer/renesas_tmr: Fix use of uninitialized data in read_tcnt() 2021-03-10 13:54:51 +00:00
tpm tpm: put some tpm devices into the correct category 2021-02-20 12:36:19 +01:00
tricore tricore tcg cpus: Fix Lesser GPL version number 2020-11-15 16:40:30 +01:00
unicore32 meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
usb scsi: drop 'result' argument from command_complete callback 2021-02-25 14:14:32 +01:00
vfio vfio-ccw: Do not read region ret_code after write 2021-03-04 11:24:49 +01:00
virtio virtio-mmio: improve virtio-mmio get_dev_path alog 2021-03-05 15:17:34 +00:00
watchdog clock: Add ClockEvent parameter to callbacks 2021-03-08 17:20:01 +00:00
xen pci: add romsize property 2021-02-05 08:52:58 -05:00
xenpv meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
xtensa vl: make qemu_get_machine_opts static 2020-12-15 12:51:55 -05:00
Kconfig multi-process: Add config option for multi-process QEMU 2021-02-09 20:53:56 +00:00
meson.build multi-process: setup a machine object for remote device process 2021-02-10 09:23:28 +00:00