bug reason and how to fix it
/*
* Copies memory from registered ROMs to dest. Any memory that is contained in
* a ROM between addr and addr + size is copied. Note that this can involve
* multiple ROMs, which need not start at addr and need not end at addr + size.
*/
int rom_copy(uint8_t *dest, hwaddr addr, size_t size)
{
hwaddr end = addr + size;
uint8_t *s, *d = dest;
size_t l = 0;
Rom *rom;
QTAILQ_FOREACH(rom, &roms, next) {
if (rom->fw_file) { continue;
}
if (rom->mr) { continue;
}
if (rom->addr + rom->romsize < addr) { continue;
}
if (rom->addr > end) {
break;
}
d = dest + (rom->addr - addr);
s = rom->data;
l = rom->datasize;
if ((d + l) > (dest + size)) {
l = dest - d;
}
if (l > 0) { memcpy(d, s, l); //*****crash here how to fix check the size l.******//
}
if (rom->romsize > rom->datasize) {
/* If datasize is less than romsize, it means that we didn't
* allocate all the ROM because the trailing data are only zeros.
*/
d += l;
l = rom->romsize - rom->datasize;
if ((d + l) > (dest + size)) {
/* Rom size doesn't fit in the destination area. Adjust to avoid
* overflow.
*/
l = dest - d;
}
bug reason and how to fix it
/*
* Copies memory from registered ROMs to dest. Any memory that is contained in
* a ROM between addr and addr + size is copied. Note that this can involve
* multiple ROMs, which need not start at addr and need not end at addr + size.
*/
int rom_copy(uint8_t *dest, hwaddr addr, size_t size)
{
hwaddr end = addr + size;
uint8_t *s, *d = dest;
size_t l = 0;
Rom *rom;
QTAILQ_ FOREACH( rom, &roms, next) {
continue;
continue;
continue;
if (rom->fw_file) {
}
if (rom->mr) {
}
if (rom->addr + rom->romsize < addr) {
}
if (rom->addr > end) {
break;
}
d = dest + (rom->addr - addr);
s = rom->data;
l = rom->datasize;
if ((d + l) > (dest + size)) {
l = dest - d;
}
if (l > 0) {
memcpy( d, s, l); //*****crash here how to fix check the size l.******//
}
if (rom->romsize > rom->datasize) {
/* If datasize is less than romsize, it means that we didn't
* allocate all the ROM because the trailing data are only zeros.
*/
d += l;
l = rom->romsize - rom->datasize;
if ((d + l) > (dest + size)) {
/* Rom size doesn't fit in the destination area. Adjust to avoid
* overflow.
*/
l = dest - d;
}
if (l > 0) {
memset( d, 0x0, l);
}
}
}
return (d + l) - dest;
}