]> git.ipfire.org Git - thirdparty/qemu.git/commitdiff
projects / thirdparty / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8143959)
target-cris: Fix buffer overflow
authorStefan Weil <sw@weilnetz.de>
Fri, 7 Sep 2012 20:36:08 +0000 (22:36 +0200)
committerMichael Roth <mdroth@linux.vnet.ibm.com>
Tue, 9 Oct 2012 06:42:06 +0000 (01:42 -0500)
Report from smatch:

target-cris/translate.c:3464 cpu_dump_state(32) error:
 buffer overflow 'env->sregs' 4 <= 255

sregs is declared 'uint32_t sregs[4][16]', so the first index must be
less than 4 or ARRAY_SIZE(env->sregs).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
target-cris/translate.c patch | blob | blame | history

diff --git a/target-cris/translate.c b/target-cris/translate.c
index 1ad9ec788e53d7c72ebc825a9b89d0a2daf237aa..ad3187773e1023c72f5ed1a6310b42842407fefd 100644 (file)
--- a/target-cris/translate.c
+++ b/target-cris/translate.c
@@ -3458,7 +3458,7 @@ void cpu_dump_state (CPUCRISState *env, FILE *f, fprintf_function cpu_fprintf,
        }
        srs = env->pregs[PR_SRS];
        cpu_fprintf(f, "\nsupport function regs bank %x:\n", srs);
-       if (srs < 256) {
+       if (srs < ARRAY_SIZE(env->sregs)) {
                for (i = 0; i < 16; i++) {
                        cpu_fprintf(f, "s%2.2d=%8.8x ",
                                    i, env->sregs[srs][i]);
Mirror of https://git.qemu.org/git/qemu.git