qemu/hw/intc
Peter Maydell cf5f7937b0 nvic: Fix miscalculation of offsets into ITNS array
This calculation of the first exception vector in
the ITNS<n> register being accessed:
        int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ;

is incorrect, because offset is in bytes, so we only want
to multiply by 8.

Spotted by Coverity (CID 1381484, CID 1381488), though it is
not correct that it actually overflows the buffer, because
we have a 'startvec + i < s->num_irq' guard.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1507650856-11718-1-git-send-email-peter.maydell@linaro.org
2017-10-12 16:33:16 +01:00
..
Makefile.objs ppc/pnv: add a PnvICPState object 2017-04-26 12:00:42 +10:00
allwinner-a10-pic.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
apic.c apic: add send_msi() to APICCommonClass 2016-10-17 15:44:49 -02:00
apic_common.c migration: pre_save return int 2017-09-27 11:35:59 +01:00
arm_gic.c ARM: KVM: Enable in-kernel timers with user space gic 2017-07-11 11:21:26 +01:00
arm_gic_common.c migration: pre_save return int 2017-09-27 11:35:59 +01:00
arm_gic_kvm.c kvm-all: Pass an error object to kvm_device_access 2017-06-13 14:57:00 +01:00
arm_gicv2m.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
arm_gicv3.c hw/intc/arm_gicv3: Don't signal Pending+Active interrupts to CPU 2016-12-27 14:59:25 +00:00
arm_gicv3_common.c migration: pre_save return int 2017-09-27 11:35:59 +01:00
arm_gicv3_cpuif.c arm_gicv3: Fix ICC_BPR1 reset value when EL3 not implemented 2017-06-07 17:21:44 +01:00
arm_gicv3_dist.c hw/intc/arm_gicv3: Fix compilation with simple trace backend 2016-06-20 11:35:15 +01:00
arm_gicv3_its_common.c migration: pre_save return int 2017-09-27 11:35:59 +01:00
arm_gicv3_its_kvm.c gicv3: Convert to DEFINE_PROP_LINK 2017-09-07 13:54:51 +01:00
arm_gicv3_kvm.c arm_gicv3_kvm: Fix compile warning 2017-09-04 17:13:53 +01:00
arm_gicv3_redist.c arm_gicv3: Add assert()s to tell Coverity that offsets are aligned 2016-07-19 17:56:27 +01:00
armv7m_nvic.c nvic: Fix miscalculation of offsets into ITNS array 2017-10-12 16:33:16 +01:00
aspeed_vic.c hw: Clean up includes 2016-06-07 18:19:23 +03:00
bcm2835_ic.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
bcm2836_control.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
etraxfs_pic.c qdev: Replace cannot_instantiate_with_device_add_yet with !user_creatable 2017-05-17 10:37:00 -03:00
exynos4210_combiner.c hw/intc: QOM'ify exynos4210_combiner.c 2016-05-12 13:22:24 +01:00
exynos4210_gic.c hw/intc/exynos4210_gic: Constify array of combiner interrupts 2017-06-13 14:56:58 +01:00
gic_internal.h arm: gic: Remove references to NVIC 2017-02-28 12:08:17 +00:00
gicv3_internal.h target-arm: Add GICv3CPUState in CPUARMState struct 2017-02-28 17:10:00 +00:00
grlib_irqmp.c qdev: Replace cannot_instantiate_with_device_add_yet with !user_creatable 2017-05-17 10:37:00 -03:00
heathrow_pic.c hw/intc: Clean up includes 2016-01-29 15:07:24 +00:00
i8259.c intc: make HMP 'info irq' and 'info pic' commands use InterruptStatsProvider interface 2016-10-04 10:00:25 +02:00
i8259_common.c migration: pre_save return int 2017-09-27 11:35:59 +01:00
imx_avic.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
intc.c intc: add an interface to gather statistics/informations on interrupt controllers 2016-10-04 10:00:25 +02:00
ioapic.c ioapic: Remove user_creatable flag 2017-05-17 10:37:01 -03:00
ioapic_common.c migration: pre_save return int 2017-09-27 11:35:59 +01:00
lm32_pic.c intc: make HMP 'info irq' and 'info pic' commands use InterruptStatsProvider interface 2016-10-04 10:00:25 +02:00
mips_gic.c hw/mips_gic: Update pin state on mask changes 2017-02-21 22:24:58 +00:00
nios2_iic.c qdev: Replace cannot_instantiate_with_device_add_yet with !user_creatable 2017-05-17 10:37:00 -03:00
omap_intc.c qdev: Replace cannot_instantiate_with_device_add_yet with !user_creatable 2017-05-17 10:37:00 -03:00
openpic.c ppc: Fix OpenPIC model 2017-09-27 13:05:41 +10:00
openpic_kvm.c memory: Switch memory from using AddressSpace to FlatView 2017-09-21 23:19:37 +02:00
pl190.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
puv3_intc.c unicore: Clean up includes 2016-01-29 15:07:22 +00:00
realview_gic.c include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
s390_flic.c s390x/flic: migrate ais states 2017-07-14 12:29:49 +02:00
s390_flic_kvm.c migration: pre_save return int 2017-09-27 11:35:59 +01:00
sh_intc.c hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
slavio_intctl.c intc: make HMP 'info irq' and 'info pic' commands use InterruptStatsProvider interface 2016-10-04 10:00:25 +02:00
trace-events nvic: Support banked exceptions in acknowledge and complete 2017-09-21 16:31:09 +01:00
vgic_common.h intc/gic: Extract some reusable vGIC code 2015-09-24 01:29:36 +01:00
xics.c migration: pre_save return int 2017-09-27 11:35:59 +01:00
xics_kvm.c xics: drop ICPStateClass::cpu_setup() handler 2017-06-09 12:17:59 +10:00
xics_pnv.c xics: pass appropriate types to realize() handlers. 2017-06-09 12:12:34 +10:00
xics_spapr.c ppc/xics: simplify prototype of xics_spapr_init() 2017-05-24 11:39:52 +10:00
xilinx_intc.c hw/intc: Clean up includes 2016-01-29 15:07:24 +00:00