From 3592fe0c919cf27a81d8e9f9b4f269553418bb01 Mon Sep 17 00:00:00 2001

From: Prasad J Pandit <pjp@fedoraproject.org>

Date: Wed, 12 Oct 2016 11:28:08 +0530

Subject: [PATCH] char: serial: check divider value against baud base

16550A UART device uses an oscillator to generate frequencies

(baud base), which decide communication speed. This speed could

be changed by dividing it by a divider. If the divider is

greater than the baud base, speed is set to zero, leading to a

divide by zero error. Add check to avoid it.

Reported-by: Huawei PSIRT <psirt@huawei.com>

Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>

Message-Id: <1476251888-20238-1-git-send-email-ppandit@redhat.com>

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

---

 hw/char/serial.c |    3 ++-

 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/hw/char/serial.c b/hw/char/serial.c

index 3442f47..eec72b7 100644

--- a/hw/char/serial.c

+++ b/hw/char/serial.c

@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s)

     int speed, parity, data_bits, stop_bits, frame_size;

     QEMUSerialSetParams ssp;

-    if (s->divider == 0)

+    if (s->divider == 0 || s->divider > s->baudbase) {

         return;

+    }

     /* Start bit. */

     frame_size = 1;

-- 

1.7.0.4