cadence_uart: Fix buffer overflow Report from smatch: hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18 This fixes read access to s->r[R_MAX] which is behind the limits of s->r. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>

commit: 5d40097fc09fe5d34cf316a411dc27d455ac2cd0 [log] [tgz]
author: Stefan Weil <sw@weilnetz.de> Sat Sep 01 11:12:23 2012 +0200
committer: Stefan Hajnoczi <stefanha@gmail.com> Sun Sep 23 07:11:28 2012 +0100
tree: 0b69da57b9db89538f97491d658151ff37f2b17f
parent: 39b384591fda27d6e1213cea0b11b1ebe0ed4b74 [diff]
diff --git a/hw/cadence_uart.c b/hw/cadence_uart.c
index d98e531..f8afc4e 100644
--- a/hw/cadence_uart.c
+++ b/hw/cadence_uart.c

@@ -404,7 +404,7 @@
     uint32_t c = 0;
 
     offset >>= 2;
-    if (offset > R_MAX) {
+    if (offset >= R_MAX) {
         return 0;
     } else if (offset == R_TX_RX) {
         uart_read_rx_fifo(s, &c);
commit	5d40097fc09fe5d34cf316a411dc27d455ac2cd0	[log] [tgz]
author	Stefan Weil <sw@weilnetz.de>	Sat Sep 01 11:12:23 2012 +0200
committer	Stefan Hajnoczi <stefanha@gmail.com>	Sun Sep 23 07:11:28 2012 +0100
tree	0b69da57b9db89538f97491d658151ff37f2b17f
parent	39b384591fda27d6e1213cea0b11b1ebe0ed4b74 [diff]