qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] target-i386: cpu: fix potential buffer overrun

From: Jesse Larrew
Subject: Re: [Qemu-devel] [PATCH] target-i386: cpu: fix potential buffer overrun in get_register_name_32()
Date: Tue, 04 Jun 2013 00:39:47 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130311 Thunderbird/17.0.4 
On 06/03/2013 11:23 AM, Igor Mammedov wrote:
> spotted by Coverity,
> x86_reg_info_32[] is CPU_NB_REGS32 elements long, so accessing
> x86_reg_info_32[CPU_NB_REGS32] will be one element off array.
> 
> Signed-off-by: Igor Mammedov <address@hidden>
> ---
>  target-i386/cpu.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 1a501d9..ae8e682 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -221,7 +221,7 @@ X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = {
> 
>  const char *get_register_name_32(unsigned int reg)
>  {
> -    if (reg > CPU_NB_REGS32) {
> +    if (reg >= CPU_NB_REGS32) {
>          return NULL;
>      }
>      return x86_reg_info_32[reg].name;
> 

Looks obvious now that it's been spotted. ;)

Reviewed by: Jesse Larrew <address@hidden>

Jesse Larrew
Software Engineer, KVM Team
IBM Linux Technology Center
Phone: (512) 973-2052 (T/L: 363-2052)
address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]