qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] target-arm: Fix potential buffer overflow


From: Aurelien Jarno
Subject: Re: [Qemu-devel] [PATCH] target-arm: Fix potential buffer overflow
Date: Mon, 10 Sep 2012 15:17:41 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

On Tue, Sep 04, 2012 at 07:35:57AM +0200, Stefan Weil wrote:
> Report from smatch:
> 
> target-arm/helper.c:651 arm946_prbs_read(6) error:
>  buffer overflow 'env->cp15.c6_region' 8 <= 8
> target-arm/helper.c:661 arm946_prbs_write(6) error:
>  buffer overflow 'env->cp15.c6_region' 8 <= 8
> 
> c7_region is an array with 8 elements, so the index must be less than 8.
> 
> Signed-off-by: Stefan Weil <address@hidden>
> ---
>  target-arm/helper.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index dceaa95..e27df96 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -645,7 +645,7 @@ static int pmsav5_insn_ap_read(CPUARMState *env, const 
> ARMCPRegInfo *ri,
>  static int arm946_prbs_read(CPUARMState *env, const ARMCPRegInfo *ri,
>                              uint64_t *value)
>  {
> -    if (ri->crm > 8) {
> +    if (ri->crm >= 8) {
>          return EXCP_UDEF;
>      }
>      *value = env->cp15.c6_region[ri->crm];
> @@ -655,7 +655,7 @@ static int arm946_prbs_read(CPUARMState *env, const 
> ARMCPRegInfo *ri,
>  static int arm946_prbs_write(CPUARMState *env, const ARMCPRegInfo *ri,
>                               uint64_t value)
>  {
> -    if (ri->crm > 8) {
> +    if (ri->crm >= 8) {
>          return EXCP_UDEF;
>      }
>      env->cp15.c6_region[ri->crm] = value;

Thanks, applied.


-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
address@hidden                 http://www.aurel32.net



reply via email to

[Prev in Thread] Current Thread [Next in Thread]