Patchwork [PULL,06/17] target-i386: cpu: Fix potential buffer overrun in get_register_name_32()

login
register
mail settings
Submitter Andreas Färber
Date June 13, 2013, 12:45 a.m.
Message ID <1371084329-814-7-git-send-email-afaerber@suse.de>
Download mbox | patch
Permalink /patch/250953/
State New
Headers show

Comments

Andreas Färber - June 13, 2013, 12:45 a.m.
From: Igor Mammedov <imammedo@redhat.com>

Spotted by Coverity,
x86_reg_info_32[] is CPU_NB_REGS32 elements long, so accessing
x86_reg_info_32[CPU_NB_REGS32] will be one element off array.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: liguang <lig.fnst@cn.fujitsu.com>
Reviewed by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
---
 target-i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 762baad..4b2da0d 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -221,7 +221,7 @@  X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = {
 
 const char *get_register_name_32(unsigned int reg)
 {
-    if (reg > CPU_NB_REGS32) {
+    if (reg >= CPU_NB_REGS32) {
         return NULL;
     }
     return x86_reg_info_32[reg].name;