From a15a53f2c7ce0fe832925c550b1f478f61e651f4 Mon Sep 17 00:00:00 2001 From: yinxiuxiu Date: Fri, 22 Nov 2024 10:14:17 +0800 Subject: [PATCH 1/2] Avoid taking address of out-of-bounds array index Signed-off-by: yinxiuxiu --- hw/intc/openpic.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/hw/intc/openpic.c b/hw/intc/openpic.c index 9792a11224..46b063d82e 100644 --- a/hw/intc/openpic.c +++ b/hw/intc/openpic.c @@ -1032,13 +1032,14 @@ static void openpic_cpu_write_internal(void *opaque, hwaddr addr, s_IRQ = IRQ_get_next(opp, &dst->servicing); /* Check queued interrupts. */ n_IRQ = IRQ_get_next(opp, &dst->raised); - src = &opp->src[n_IRQ]; - if (n_IRQ != -1 && - (s_IRQ == -1 || - IVPR_PRIORITY(src->ivpr) > dst->servicing.priority)) { - DPRINTF("Raise OpenPIC INT output cpu %d irq %d", - idx, n_IRQ); - qemu_irq_raise(opp->dst[idx].irqs[OPENPIC_OUTPUT_INT]); + if (n_IRQ != -1) { + src = &opp->src[n_IRQ]; + if (s_IRQ == -1 || + IVPR_PRIORITY(src->ivpr) > dst->servicing.priority) { + DPRINTF("Raise OpenPIC INT output cpu %d irq %d", + idx, n_IRQ); + qemu_irq_raise(opp->dst[idx].irqs[OPENPIC_OUTPUT_INT]); + } } break; default: -- Gitee From 4bac207d7a177c504f6b37b73d3b70bc1e17b8fb Mon Sep 17 00:00:00 2001 From: yinxiuxiu Date: Fri, 22 Nov 2024 10:54:43 +0800 Subject: [PATCH 2/2] openpic.c --- hw/intc/openpic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/intc/openpic.c b/hw/intc/openpic.c index 46b063d82e..543e45e7d1 100644 --- a/hw/intc/openpic.c +++ b/hw/intc/openpic.c @@ -1039,7 +1039,7 @@ static void openpic_cpu_write_internal(void *opaque, hwaddr addr, DPRINTF("Raise OpenPIC INT output cpu %d irq %d", idx, n_IRQ); qemu_irq_raise(opp->dst[idx].irqs[OPENPIC_OUTPUT_INT]); - } + } } break; default: -- Gitee