exynos: Fix out-of-bounds access in exynos4210_gcomp_find debug printf
One of the debug printfs in exynos4210_gcomp_find() will
access outside the 's->g_timer.reg.comp[]' array if there
was no active comparator and 'res' is -1. Add a conditional
to avoid this.
This doesn't happen in normal use because the debug printfs
are by default not compiled in.
Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn>
Message-id: 20230404074506.112615-1-jiangfeng@kylinos.cn
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: Adjusted commit message to clarify that the overrun
only happens if you've enabled debug printfs]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
index c17b247..446bbd2 100644
--- a/hw/timer/exynos4210_mct.c
+++ b/hw/timer/exynos4210_mct.c
@@ -480,11 +480,14 @@
res = min_comp_i;
}
- DPRINTF("found comparator %d: comp 0x%llx distance 0x%llx, gfrc 0x%llx\n",
- res,
- s->g_timer.reg.comp[res],
- distance_min,
- gfrc);
+ if (res >= 0) {
+ DPRINTF("found comparator %d: "
+ "comp 0x%llx distance 0x%llx, gfrc 0x%llx\n",
+ res,
+ s->g_timer.reg.comp[res],
+ distance_min,
+ gfrc);
+ }
return res;
}
