dma: rc4030: limit interval timer reload value

The JAZZ RC4030 chipset emulator has a periodic timer and associated interval reload register. The reload value is used as divider when computing timer's next tick value. If reload value is large, it could lead to divide by zero error. Limit the interval reload value to avoid it. Reported-by: N Huawei PSIRT <psirt@huawei.com> Signed-off-by: N Prasad J Pandit <pjp@fedoraproject.org> Tested-by: N Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: N Yongbok Kim <yongbok.kim@imgtec.com>

dma: rc4030: limit interval timer reload value
The JAZZ RC4030 chipset emulator has a periodic timer and associated interval reload register. The reload value is used as divider when computing timer's next tick value. If reload value is large, it could lead to divide by zero error. Limit the interval reload value to avoid it. Reported-by: N Huawei PSIRT <psirt@huawei.com> Signed-off-by: N Prasad J Pandit <pjp@fedoraproject.org> Tested-by: N Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: N Yongbok Kim <yongbok.kim@imgtec.com>
c0a3172f · Prasad J Pandit · Yongbok Kim · 075a1fe7 · c0a3172f
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

hw/dma/rc4030.c hw/dma/rc4030.c +1 -1

未找到文件。
--- a/hw/dma/rc4030.c
+++ b/hw/dma/rc4030.c
@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data,
        break;
    /* Interval timer reload */
    case 0x0228:
-        s->itr = val;
+        s->itr = val & 0x01FF;
        qemu_irq_lower(s->timer_irq);
        set_next_tick(s);
        break;