
Fix segfault with ATMega16m1 UART simulation

Open jack-greenberg opened this issue 3 years ago • 3 comments

Previously, when accessing the p->fe.reg in avr_uart.c (in avr_uart_init()) for ATmega16m1, the system segfaulted.

In avr_register_io_read, we see the following lines:

	avr_io_addr_t a = AVR_DATA_TO_IO(addr);
	if (avr->io[a].r.param || avr->io[a].r.c) {

AVR_DATA_TO_IO just subtracts 0x20 from addr. addr is passed in from avr_uart_init as p->fe.reg. But in ATmega16m1, p->fe is not initialized, so it is set to zero. When we subtract 0x20 from 0, and then do avr->io[a], we have an array-out-of-bounds error.

The following previously segfaulted, but no longer does:

./simavr/run_avr -m atmega16m1 -f 4000000 ~/path/to/binary.elf

jack-greenberg, Aug 21 '22 00:08

Possibly addresses #335?

jack-greenberg, Aug 21 '22 00:08

Ah whoops, I mis-wrote this (I actually found this a few months ago but forgot to submit it).

In avr_register_io_read, we see the following lines:

	avr_io_addr_t a = AVR_DATA_TO_IO(addr);
	if (avr->io[a].r.param || avr->io[a].r.c) {

AVR_DATA_TO_IO just subtracts 0x20 from addr. addr is passed in from avr_uart_init as p->fe.reg. But in ATmega16m1, p->fe is not initialized, so it is set to zero. When we subtract 0x20 from 0, and then do avr->io[a], we have an array-out-of-bounds error.

Does that make sense? I will update the PR body.

jack-greenberg, Aug 21 '22 20:08
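The PR body and the comment above both describe the same failure: a register descriptor left at zero is fed to AVR_DATA_TO_IO, which subtracts 0x20 and yields an index far outside avr->io[]. The following is an added example, not simavr's code, that models that mapping in a few lines and shows the bounds check a defender would want in front of the table lookup. The table size, the struct layout, the names io_addr_is_valid, io_index_checked and register_io_read_checked, and the uint16_t width of avr_io_addr_t are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the data-space -> I/O-space mapping the issue
 * describes: I/O registers start at data address 0x20 and the io[] table
 * is indexed by (addr - 0x20). Sizes, names and types here are assumptions
 * for this example, not simavr's definitions. */
#define IO_BASE 0x20
#define MAX_IOs 256

typedef uint16_t avr_io_addr_t;   /* assumed width */

typedef struct {
    void (*c)(void);   /* stand-in for a read callback */
    void *param;
} io_entry_t;

typedef struct {
    io_entry_t io[MAX_IOs];
} avr_t;

/* Unchecked mapping as quoted in the issue: for addr < 0x20 the
 * subtraction wraps to a huge unsigned index. */
#define AVR_DATA_TO_IO(addr) ((avr_io_addr_t)((addr) - IO_BASE))

/* Returns 1 when addr names a register the io[] table can hold. */
int io_addr_is_valid(avr_io_addr_t addr) {
    return addr >= IO_BASE && (addr - IO_BASE) < MAX_IOs;
}

/* Hardened lookup: validates the data-space address before it is used as
 * an index. Returns the table index, or -1 for address 0 (an uninitialised
 * register descriptor) and any other address outside the table. */
int io_index_checked(const avr_t *avr, avr_io_addr_t addr) {
    (void)avr;   /* the table is fixed-size here, so only addr matters */
    if (!io_addr_is_valid(addr))
        return -1;
    return (int)AVR_DATA_TO_IO(addr);
}

/* Registration guarded the same way: an unmapped register is skipped
 * instead of producing an out-of-range write into avr->io[]. */
int register_io_read_checked(avr_t *avr, avr_io_addr_t addr, void (*cb)(void)) {
    int a = io_index_checked(avr, addr);
    if (a < 0) {
        fprintf(stderr, "refusing to register reader for address 0x%04x\n", addr);
        return 0;
    }
    avr->io[a].c = cb;
    return 1;
}

static void dummy_read(void) {}

int main(void) {
    avr_t avr;
    memset(&avr, 0, sizeof avr);

    /* The issue's case: a descriptor that was never filled in, reg == 0 */
    avr_io_addr_t uninit_reg = 0;
    printf("unchecked index for reg 0: %u\n", (unsigned)AVR_DATA_TO_IO(uninit_reg));
    printf("checked registration for reg 0: %d\n",
           register_io_read_checked(&avr, uninit_reg, dummy_read));

    /* A constructed in-range register address */
    printf("checked registration for 0x20: %d\n",
           register_io_read_checked(&avr, 0x20, dummy_read));
    return 0;
}
```

The first print shows the wrapped index (65504 for a 16-bit address type), which is the array-out-of-bounds access the PR fixes; the checked path refuses the zero address and only indexes the table for addresses in [0x20, 0x20 + MAX_IOs).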

Oh, I see. Now it makes sense to me.

edgar-bonet, Aug 21 '22 20:08