From: Sascha Bischoff <sascha.bischoff@ARM.com>
Date: Thu, 29 Oct 2015 12:48:25 +0000 (-0400)
Subject: dev: Fix segfault in flash device
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=84c697807f835e7c75a17eb3e80c90688b40b188;p=gem5.git

dev: Fix segfault in flash device

Fix a bug in which the flash device would write out of bounds and
could either trigger a segfault and corrupt the memory of other
objects. This was caused by using pageSize in the place of
pagesPerBlock when running the garbage collector.

Also, added an assert to flag this condition in the future.
---

diff --git a/src/dev/arm/flash_device.cc b/src/dev/arm/flash_device.cc
index 8e337cd86..b0b855349 100644
--- a/src/dev/arm/flash_device.cc
+++ b/src/dev/arm/flash_device.cc
@@ -379,7 +379,8 @@ FlashDevice::remap(uint64_t logic_page_addr)
         block = locationTable[logic_page_addr].block * pagesPerBlock;
 
         //assumption: clean will improve locality
-        for (uint32_t count = 0; count < pageSize; count++) {
+        for (uint32_t count = 0; count < pagesPerBlock; count++) {
+            assert(block + count < pagesPerDisk);
             locationTable[block + count].page = (block + count) %
                 pagesPerBlock;
             ++count;