From: Jan Charvat <charvj10@fel.cvut.cz>
Signed-off-by: Jan Charvat <charvj10@fel.cvut.cz>
Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
---
hw/net/can/can_sja1000.c | 29 +++++++++++++++++++++++------
1 file changed, 23 insertions(+), 6 deletions(-)
diff --git a/hw/net/can/can_sja1000.c b/hw/net/can/can_sja1000.c
index d83c550edc..382911560c 100644
--- a/hw/net/can/can_sja1000.c
+++ b/hw/net/can/can_sja1000.c
@@ -323,11 +323,16 @@ static void buff2frame_bas(const uint8_t *buff, qemu_can_frame *frame)
static int frame2buff_pel(const qemu_can_frame *frame, uint8_t *buff)
{
int i;
+ int dlen = frame->can_dlc;
if (frame->can_id & QEMU_CAN_ERR_FLAG) { /* error frame, NOT support now. */
return -1;
}
+ if (dlen > 8) {
+ return -1;
+ }
+
buff[0] = 0x0f & frame->can_dlc; /* DLC */
if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
buff[0] |= (1 << 6);
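Review bot: The added `if (dlen > 8)` guard in frame2buff_pel is what keeps the later `buff[5 + i]` / `buff[3 + i]` copies bounded, but it uses a bare 8 and has no comment saying why. The size of `buff` is not visible in the hunk, so the guard should state its intent, for example `/* classic CAN carries at most 8 data bytes; reject longer (CAN FD) frames so the copy stays inside buff */`, and the 8 should ideally be a named constant. The same applies to the identical guard added to frame2buff_bas further down. For consistency, the DLC line could also use the local: `buff[0] = 0x0f & dlen; /* DLC */`. The function body continues outside this hunk.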
@@ -338,18 +343,18 @@ static int frame2buff_pel(const qemu_can_frame *frame, uint8_t *buff)
buff[2] = extract32(frame->can_id, 13, 8); /* ID.20~ID.13 */
buff[3] = extract32(frame->can_id, 5, 8); /* ID.12~ID.05 */
buff[4] = extract32(frame->can_id, 0, 5) << 3; /* ID.04~ID.00,xxx */
- for (i = 0; i < frame->can_dlc; i++) {
+ for (i = 0; i < dlen; i++) {
buff[5 + i] = frame->data[i];
}
- return frame->can_dlc + 5;
+ return dlen + 5;
} else { /* SFF */
buff[1] = extract32(frame->can_id, 3, 8); /* ID.10~ID.03 */
buff[2] = extract32(frame->can_id, 0, 3) << 5; /* ID.02~ID.00,xxxxx */
- for (i = 0; i < frame->can_dlc; i++) {
+ for (i = 0; i < dlen; i++) {
buff[3 + i] = frame->data[i];
}
- return frame->can_dlc + 3;
+ return dlen + 3;
}
return -1;
@@ -358,6 +363,7 @@ static int frame2buff_pel(const qemu_can_frame *frame, uint8_t *buff)
static int frame2buff_bas(const qemu_can_frame *frame, uint8_t *buff)
{
int i;
+ int dlen = frame->can_dlc;
/*
* EFF, no support for BasicMode
@@ -369,17 +375,21 @@ static int frame2buff_bas(const qemu_can_frame *frame, uint8_t *buff)
return -1;
}
+ if (dlen > 8) {
+ return -1;
+ }
+
buff[0] = extract32(frame->can_id, 3, 8); /* ID.10~ID.03 */
buff[1] = extract32(frame->can_id, 0, 3) << 5; /* ID.02~ID.00,xxxxx */
if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
buff[1] |= (1 << 4);
}
buff[1] |= frame->can_dlc & 0x0f;
- for (i = 0; i < frame->can_dlc; i++) {
+ for (i = 0; i < dlen; i++) {
buff[2 + i] = frame->data[i];
}
- return frame->can_dlc + 2;
+ return dlen + 2;
}
static void can_sja_update_pel_irq(CanSJA1000State *s)
@@ -764,6 +774,13 @@ ssize_t can_sja_receive(CanBusClientState *client, const qemu_can_frame *frames,
if (frames_cnt <= 0) {
return 0;
}
+ if (frame->flags && QEMU_CAN_FRMF_TYPE_FD) {
+ if (DEBUG_FILTER) {
+ can_display_msg("[cansja]: ignor fd frame ", frame);
+ }
+ return 1;
+ }
+
if (DEBUG_FILTER) {
can_display_msg("[cansja]: receive ", frame);
}
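Review bot: The new test `frame->flags && QEMU_CAN_FRMF_TYPE_FD` in can_sja_receive uses logical AND, so it is true whenever `flags` is nonzero (presumably the constant itself is nonzero) and does not test the FD bit. Any frame carrying any flag would then be dropped as "fd" and reported as consumed via `return 1`. The condition should be bitwise: `if (frame->flags & QEMU_CAN_FRMF_TYPE_FD) {`. The debug string has a typo and could read `"[cansja]: ignore fd frame "`. can_sja_receive starts and ends outside this hunk.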
--
2.20.1
On Tue, Jul 14, 2020 at 02:20:15PM +0200, pisa@cmp.felk.cvut.cz wrote:
> From: Jan Charvat <charvj10@fel.cvut.cz>
>
> Signed-off-by: Jan Charvat <charvj10@fel.cvut.cz>
> Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Reviewed-by: Vikram Garhwal <fnu.vikram@xilinx.com>
> ---
> hw/net/can/can_sja1000.c | 29 +++++++++++++++++++++++------
> 1 file changed, 23 insertions(+), 6 deletions(-)
>
> diff --git a/hw/net/can/can_sja1000.c b/hw/net/can/can_sja1000.c
> index d83c550edc..382911560c 100644
> --- a/hw/net/can/can_sja1000.c
> +++ b/hw/net/can/can_sja1000.c
> @@ -323,11 +323,16 @@ static void buff2frame_bas(const uint8_t *buff, qemu_can_frame *frame)
> static int frame2buff_pel(const qemu_can_frame *frame, uint8_t *buff)
> {
> int i;
> + int dlen = frame->can_dlc;
>
> if (frame->can_id & QEMU_CAN_ERR_FLAG) { /* error frame, NOT support now. */
> return -1;
> }
>
> + if (dlen > 8) {
> + return -1;
> + }
> +
> buff[0] = 0x0f & frame->can_dlc; /* DLC */
> if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
> buff[0] |= (1 << 6);
> @@ -338,18 +343,18 @@ static int frame2buff_pel(const qemu_can_frame *frame, uint8_t *buff)
> buff[2] = extract32(frame->can_id, 13, 8); /* ID.20~ID.13 */
> buff[3] = extract32(frame->can_id, 5, 8); /* ID.12~ID.05 */
> buff[4] = extract32(frame->can_id, 0, 5) << 3; /* ID.04~ID.00,xxx */
> - for (i = 0; i < frame->can_dlc; i++) {
> + for (i = 0; i < dlen; i++) {
> buff[5 + i] = frame->data[i];
> }
> - return frame->can_dlc + 5;
> + return dlen + 5;
> } else { /* SFF */
> buff[1] = extract32(frame->can_id, 3, 8); /* ID.10~ID.03 */
> buff[2] = extract32(frame->can_id, 0, 3) << 5; /* ID.02~ID.00,xxxxx */
> - for (i = 0; i < frame->can_dlc; i++) {
> + for (i = 0; i < dlen; i++) {
> buff[3 + i] = frame->data[i];
> }
>
> - return frame->can_dlc + 3;
> + return dlen + 3;
> }
>
> return -1;
> @@ -358,6 +363,7 @@ static int frame2buff_pel(const qemu_can_frame *frame, uint8_t *buff)
> static int frame2buff_bas(const qemu_can_frame *frame, uint8_t *buff)
> {
> int i;
> + int dlen = frame->can_dlc;
>
> /*
> * EFF, no support for BasicMode
> @@ -369,17 +375,21 @@ static int frame2buff_bas(const qemu_can_frame *frame, uint8_t *buff)
> return -1;
> }
>
> + if (dlen > 8) {
> + return -1;
> + }
> +
> buff[0] = extract32(frame->can_id, 3, 8); /* ID.10~ID.03 */
> buff[1] = extract32(frame->can_id, 0, 3) << 5; /* ID.02~ID.00,xxxxx */
> if (frame->can_id & QEMU_CAN_RTR_FLAG) { /* RTR */
> buff[1] |= (1 << 4);
> }
> buff[1] |= frame->can_dlc & 0x0f;
> - for (i = 0; i < frame->can_dlc; i++) {
> + for (i = 0; i < dlen; i++) {
> buff[2 + i] = frame->data[i];
> }
>
> - return frame->can_dlc + 2;
> + return dlen + 2;
> }
>
> static void can_sja_update_pel_irq(CanSJA1000State *s)
> @@ -764,6 +774,13 @@ ssize_t can_sja_receive(CanBusClientState *client, const qemu_can_frame *frames,
> if (frames_cnt <= 0) {
> return 0;
> }
> + if (frame->flags && QEMU_CAN_FRMF_TYPE_FD) {
> + if (DEBUG_FILTER) {
> + can_display_msg("[cansja]: ignor fd frame ", frame);
> + }
> + return 1;
> + }
> +
> if (DEBUG_FILTER) {
> can_display_msg("[cansja]: receive ", frame);
> }