On 03/11/2020 08.46, AlexChen wrote:
> The size of env->mmu.regs is 3, but the range of 'rn' is [0, 5].
> To avoid data access out of bounds, only if 'rn' is less than 3, we
> can print env->mmu.regs[rn]. In other cases, we can print
> env->mmu.regs[MMU_R_TLBX].
... since env->mmu.regs[MMU_R_TLBX] is used in the other cases in this
function. Makes sense, indeed.
> Reported-by: Euler Robot <euler.ro...@huawei.com>
> Signed-off-by: Alex Chen <alex.c...@huawei.com>
> ---
> target/microblaze/mmu.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/target/microblaze/mmu.c b/target/microblaze/mmu.c
> index 1dbbb271c4..917ad6d69e 100644
> --- a/target/microblaze/mmu.c
> +++ b/target/microblaze/mmu.c
> @@ -234,7 +234,8 @@ void mmu_write(CPUMBState *env, bool ext, uint32_t rn,
> uint32_t v)
> unsigned int i;
>
> qemu_log_mask(CPU_LOG_MMU,
> - "%s rn=%d=%x old=%x\n", __func__, rn, v,
> env->mmu.regs[rn]);
> + "%s rn=%d=%x old=%x\n", __func__, rn, v,
> + rn < 3 ? env->mmu.regs[rn] : env->mmu.regs[MMU_R_TLBX]);
>
> if (cpu->cfg.mmu < 2 || !cpu->cfg.mmu_tlb_access) {
> qemu_log_mask(LOG_GUEST_ERROR, "MMU access on MMU-less system\n");
>
Reviewed-by: Thomas Huth <th...@redhat.com>
