From 89f26e6b7b5e5c9657f2abd6ef5a336bea11add2 Mon Sep 17 00:00:00 2001
From: Peter Maydell <peter.maydell@linaro.org>
Date: Tue, 13 May 2014 16:09:39 +0100
Subject: [PATCH] hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO

In fill_prefetch_fifo(), if the device we are reading from is 16 bit,
then we must not try to transfer an odd number of bytes into the FIFO.
This could otherwise have resulted in our overrunning the prefetch.fifo
array by one byte.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
---
 hw/misc/omap_gpmc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c
index 2047274123..cddea241d4 100644
--- a/hw/misc/omap_gpmc.c
+++ b/hw/misc/omap_gpmc.c
@@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s)
     if (bytes > s->prefetch.count) {
         bytes = s->prefetch.count;
     }
+    if (is16bit) {
+        bytes &= ~1;
+    }
+
     s->prefetch.count -= bytes;
     s->prefetch.fifopointer += bytes;
     fptr = 64 - s->prefetch.fifopointer;
-- 
GitLab