From d1cdc02569b4124177a3f707e9bee8df014918dd Mon Sep 17 00:00:00 2001
From: yinxiuxiu
Date: Fri, 22 Nov 2024 08:13:35 +0000
Subject: [PATCH] update hw/intc/openpic.c. cherry-pick from 3bf7dcd47a3da0e86a9347ce5b2b5d5a1dcb5857 This is because we do src = &opp->src[n_IRQ]; when n_IRQ may be -1. This is in practice harmless because if n_IRQ is -1 then we don't do anything with the src pointer, but it is undefined behaviour. (This has been present since this device was first added to QEMU.)
Signed-off-by: Peter Maydell peter.maydell@linaro.org
Reviewed-by: Richard Henderson richard.henderson@linaro.org
Reviewed-by: Mark Cave-Ayland mark.cave-ayland@ilande.co.uk
Message-id: 20241105180205.3074071-1-peter.maydell@linaro.org
Signed-off-by: yinxiuxiu yinxiuxiu_yewu@cmss.chinamobile.com
Signed-off-by: yinxiuxiu
---
hw/intc/openpic.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/hw/intc/openpic.c b/hw/intc/openpic.c
index 0f99b77a17..d74ec11af4 100644
--- a/hw/intc/openpic.c
+++ b/hw/intc/openpic.c
@@ -1031,13 +1031,14 @@ static void openpic_cpu_write_internal(void *opaque, hwaddr addr,
 s_IRQ = IRQ_get_next(opp, &dst->servicing);
 /* Check queued interrupts. */
 n_IRQ = IRQ_get_next(opp, &dst->raised);
- src = &opp->src[n_IRQ];
- if (n_IRQ != -1 &&
- (s_IRQ == -1 ||
- IVPR_PRIORITY(src->ivpr) > dst->servicing.priority)) {
- DPRINTF("Raise OpenPIC INT output cpu %d irq %d",
- idx, n_IRQ);
- qemu_irq_raise(opp->dst[idx].irqs[OPENPIC_OUTPUT_INT]);
+ if (n_IRQ != -1) {
+ src = &opp->src[n_IRQ];
+ if (s_IRQ == -1 ||
+ IVPR_PRIORITY(src->ivpr) > dst->servicing.priority) {
+ DPRINTF("Raise OpenPIC INT output cpu %d irq %d",
+ idx, n_IRQ);
+ qemu_irq_raise(opp->dst[idx].irqs[OPENPIC_OUTPUT_INT]);
+ }
 }
 break;
 default:
--
Gitee
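Review bot: The new guard `if (n_IRQ != -1) {` excludes only the single sentinel value, so `src = &opp->src[n_IRQ];` is still evaluated for any other negative or oversized value; whether `IRQ_get_next()` can return one is not visible here, since its body is outside the hunk. As the purpose of the change is never to form an out-of-bounds address, `if (n_IRQ >= 0) {` would state the lower bound directly at no cost, and an upper-bound check would belong here only if the queue code does not already guarantee it. A short comment above the assignment, such as `/* Index src[] only for a valid IRQ: &opp->src[-1] is UB even if never dereferenced. */`, would stop a later cleanup from hoisting the line back out of the guard. openpic_cpu_write_internal starts and ends outside the hunk.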