timer: stm32f2xx_timer: add check for prescaler value

The STM32F2XX Timer emulator uses a 16 bit prescaler value to
limit the timer clock rate. It does that by dividing the timer
frequency. If the prescaler 's->tim_psc' was set to be UINT_MAX,
it'd lead to divide by zero error. Limit prescaler value to 16
bits to avoid it.

Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1476800269-31902-1-git-send-email-ppandit@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

diff --git a/hw/timer/stm32f2xx_timer.c b/hw/timer/stm32f2xx_timer.c
index 8c4c1f9f05534034cc063ce4fb82ada3ef22d5c5..e5f5e14a90b1c243729583427b2479bdaaacc0ab 100644 (file)
--- a/hw/timer/stm32f2xx_timer.c
+++ b/hw/timer/stm32f2xx_timer.c
@@ -217,7 +217,7 @@ static void stm32f2xx_timer_write(void *opaque, hwaddr offset,
         return;
     case TIM_PSC:
         timer_val = stm32f2xx_ns_to_ticks(s, now) - s->tick_offset;
-        s->tim_psc = value;
+        s->tim_psc = value & 0xFFFF;
         value = timer_val;
         break;
     case TIM_CNT: