summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSascha Bischoff <sascha.bischoff@ARM.com>2015-10-29 08:48:25 -0400
committerSascha Bischoff <sascha.bischoff@ARM.com>2015-10-29 08:48:25 -0400
commit84c697807f835e7c75a17eb3e80c90688b40b188 (patch)
tree884d216d273aef72ca636cce4426f9e0eb6bf384
parent84b3452f67007ab46e0a59f8227b42b6ec6557f0 (diff)
downloadgem5-84c697807f835e7c75a17eb3e80c90688b40b188.tar.xz
dev: Fix segfault in flash device
Fix a bug in which the flash device would write out of bounds and could either trigger a segfault and corrupt the memory of other objects. This was caused by using pageSize in the place of pagesPerBlock when running the garbage collector. Also, added an assert to flag this condition in the future.
-rw-r--r--src/dev/arm/flash_device.cc3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/dev/arm/flash_device.cc b/src/dev/arm/flash_device.cc
index 8e337cd86..b0b855349 100644
--- a/src/dev/arm/flash_device.cc
+++ b/src/dev/arm/flash_device.cc
@@ -379,7 +379,8 @@ FlashDevice::remap(uint64_t logic_page_addr)
block = locationTable[logic_page_addr].block * pagesPerBlock;
//assumption: clean will improve locality
- for (uint32_t count = 0; count < pageSize; count++) {
+ for (uint32_t count = 0; count < pagesPerBlock; count++) {
+ assert(block + count < pagesPerDisk);
locationTable[block + count].page = (block + count) %
pagesPerBlock;
++count;