[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] target-arm: Fix potential buffer overflow
From: |
Aurelien Jarno |
Subject: |
Re: [Qemu-devel] [PATCH] target-arm: Fix potential buffer overflow |
Date: |
Mon, 10 Sep 2012 15:17:41 +0200 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Tue, Sep 04, 2012 at 07:35:57AM +0200, Stefan Weil wrote:
> Report from smatch:
>
> target-arm/helper.c:651 arm946_prbs_read(6) error:
> buffer overflow 'env->cp15.c6_region' 8 <= 8
> target-arm/helper.c:661 arm946_prbs_write(6) error:
> buffer overflow 'env->cp15.c6_region' 8 <= 8
>
> c7_region is an array with 8 elements, so the index must be less than 8.
>
> Signed-off-by: Stefan Weil <address@hidden>
> ---
> target-arm/helper.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index dceaa95..e27df96 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -645,7 +645,7 @@ static int pmsav5_insn_ap_read(CPUARMState *env, const
> ARMCPRegInfo *ri,
> static int arm946_prbs_read(CPUARMState *env, const ARMCPRegInfo *ri,
> uint64_t *value)
> {
> - if (ri->crm > 8) {
> + if (ri->crm >= 8) {
> return EXCP_UDEF;
> }
> *value = env->cp15.c6_region[ri->crm];
> @@ -655,7 +655,7 @@ static int arm946_prbs_read(CPUARMState *env, const
> ARMCPRegInfo *ri,
> static int arm946_prbs_write(CPUARMState *env, const ARMCPRegInfo *ri,
> uint64_t value)
> {
> - if (ri->crm > 8) {
> + if (ri->crm >= 8) {
> return EXCP_UDEF;
> }
> env->cp15.c6_region[ri->crm] = value;
Thanks, applied.
--
Aurelien Jarno GPG: 1024D/F1BCDB73
address@hidden http://www.aurel32.net