#include "hw/ssi/ssi.h"
#include "qemu/bitops.h"
#include "qemu/log.h"
+#include "qemu/error-report.h"
#include "qapi/error.h"
#ifndef M25P80_ERR_DEBUG
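Review bot: The new `#include "qemu/error-report.h"` is not used by any added line in this patch; the diagnostics it introduces go through `qemu_log_mask()`, which comes from the already-included `qemu/log.h`. Unless a hunk not shown here calls `error_report()` or a sibling, the include should be dropped so the header list keeps reflecting actual dependencies.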
MAN_GENERIC,
} Manufacturer;
+#define M25P80_INTERNAL_DATA_BUFFER_SZ 16
+
typedef struct Flash {
SSISlave parent_obj;
int page_size;
uint8_t state;
- uint8_t data[16];
+ uint8_t data[M25P80_INTERNAL_DATA_BUFFER_SZ];
uint32_t len;
uint32_t pos;
uint8_t needed_bytes;
case STATE_COLLECTING_DATA:
case STATE_COLLECTING_VAR_LEN_DATA:
+
+ if (s->len >= M25P80_INTERNAL_DATA_BUFFER_SZ) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "M25P80: Write overrun internal data buffer. "
+ "SPI controller (QEMU emulator or guest driver) "
+ "is misbehaving\n");
+ s->len = s->pos = 0;
+ s->state = STATE_IDLE;
+ break;
+ }
+
s->data[s->len] = (uint8_t)tx;
s->len++;
break;
case STATE_READING_DATA:
+
+ if (s->pos >= M25P80_INTERNAL_DATA_BUFFER_SZ) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "M25P80: Read overrun internal data buffer. "
+ "SPI controller (QEMU emulator or guest driver) "
+ "is misbehaving\n");
+ s->len = s->pos = 0;
+ s->state = STATE_IDLE;
+ break;
+ }
+
r = s->data[s->pos];
s->pos++;
if (s->pos == s->len) {
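Review bot: The guard added before `r = s->data[s->pos];` bounds `pos` by the array size but not by `len`, so a read with `pos` in [len, 16) still returns stale bytes left over from an earlier command without tripping the error path. The existing `if (s->pos == s->len)` transition on the last visible line fires only on exact equality, so if STATE_READING_DATA is ever entered with `len == 0`, or with `pos > len` after a migration load, every subsequent transfer drains the remainder of the buffer before the new check catches it. Tightening the condition to `if (s->pos >= s->len || s->pos >= M25P80_INTERNAL_DATA_BUFFER_SZ) {` keeps the check consistent with the state machine's own notion of valid data at no cost. The enclosing switch and function continue outside the hunk.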
.pre_save = m25p80_pre_save,
.fields = (VMStateField[]) {
VMSTATE_UINT8(state, Flash),
- VMSTATE_UINT8_ARRAY(data, Flash, 16),
+ VMSTATE_UINT8_ARRAY(data, Flash, M25P80_INTERNAL_DATA_BUFFER_SZ),
VMSTATE_UINT32(len, Flash),
VMSTATE_UINT32(pos, Flash),
VMSTATE_UINT8(needed_bytes, Flash),
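Review bot: `len` and `pos` are still restored from the migration stream without validation, so a corrupt or hostile stream can load `len > M25P80_INTERNAL_DATA_BUFFER_SZ` or `pos > len`; the runtime guards added to the state machine keep that from becoming an out-of-bounds access, but the device then fails on the first SPI transfer rather than at load. A `post_load` hook next to the existing `pre_save` that returns an error when `s->len > M25P80_INTERNAL_DATA_BUFFER_SZ || s->pos > s->len` would reject the bad state where it enters. The VMStateDescription continues outside the hunk.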