thr3ads.net - Xen devel - [PATCH] tools/misc: fix array access in xen-hvmctx.c [Mar 2012]

If this information is useful, please help other people find it:
Share via:

Olaf Hering

2012-Mar-30 13:45 UTC

[PATCH] tools/misc: fix array access in xen-hvmctx.c

# HG changeset patch
# User Olaf Hering <olaf@aepfle.de>
# Date 1333114977 -7200
# Node ID 769fb4057e369d7e102b569491861ac5fe9f007d
# Parent  14609be41f369c26e759c5d63cc0d2be2fc5b9b6
tools/misc: fix array access in xen-hvmctx.c

xen-hvmctx.c: In function ‘main’:
xen-hvmctx.c:126:39: error: array subscript is above array bounds
xen-hvmctx.c:126:25: error: array subscript is above array bounds

Signed-off-by: Olaf Hering <olaf@aepfle.de>

diff -r 14609be41f36 -r 769fb4057e36 tools/misc/xen-hvmctx.c
--- a/tools/misc/xen-hvmctx.c
+++ b/tools/misc/xen-hvmctx.c
@@ -121,7 +121,7 @@ static void dump_fpu(void *p)
                i, r->mm[i].hi, r->mm[i].lo,
                r->mm[i].pad[2], r->mm[i].pad[1], r->mm[i].pad[0]);
 
-    for ( i = 0 ; i < 16 ; i++ ) 
+    for ( i = 0 ; i < 15 ; i++ ) 
         printf("          xmm%2.2i
0x%16.16"PRIx64"%16.16"PRIx64"\n",
                i, r->xmm[i].hi, r->xmm[i].lo);
     
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Tim Deegan

2012-Mar-30 14:06 UTC

head link

Re: [PATCH] tools/misc: fix array access in xen-hvmctx.c

At 15:45 +0200 on 30 Mar (1333122307), Olaf Hering
wrote:> tools/misc: fix array access in xen-hvmctx.c
> 
> xen-hvmctx.c: In function ???main???:
> xen-hvmctx.c:126:39: error: array subscript is above array bounds
> xen-hvmctx.c:126:25: error: array subscript is above array bounds
> 
> Signed-off-by: Olaf Hering <olaf@aepfle.de>
> 
> diff -r 14609be41f36 -r 769fb4057e36 tools/misc/xen-hvmctx.c
> --- a/tools/misc/xen-hvmctx.c
> +++ b/tools/misc/xen-hvmctx.c
> @@ -121,7 +121,7 @@ static void dump_fpu(void *p)
>                 i, r->mm[i].hi, r->mm[i].lo,
>                 r->mm[i].pad[2], r->mm[i].pad[1],
r->mm[i].pad[0]);
>  
> -    for ( i = 0 ; i < 16 ; i++ ) 
> +    for ( i = 0 ; i < 15 ; i++ ) 
>          printf("          xmm%2.2i
0x%16.16"PRIx64"%16.16"PRIx64"\n",
>                 i, r->xmm[i].hi, r->xmm[i].lo);
Oops. :)  I think the bug is in the definition of the FPU struct, though:

============================
tools: Fix FPU save area definition in xen-hvmctx

Reported-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Tim Deegan <tim@xen.org>

diff -r b7af9683e72f tools/misc/xen-hvmctx.c
--- a/tools/misc/xen-hvmctx.c   Thu Mar 29 17:37:30 2012 +0100
+++ b/tools/misc/xen-hvmctx.c   Fri Mar 30 15:03:35 2012 +0100
@@ -98,7 +98,7 @@ struct fpu_regs {
     uint32_t mxcsr;
     uint32_t mxcsr_mask;
     struct fpu_mm mm[8];
-    struct fpu_xmm xmm[15];
+    struct fpu_xmm xmm[16];
     uint64_t res1[12];
 } __attribute__((packed));

Ian Jackson

2012-Apr-02 15:01 UTC

head link

Re: [PATCH] tools/misc: fix array access in xen-hvmctx.c

Tim Deegan writes ("Re: [Xen-devel] [PATCH] tools/misc: fix array access in
xen-hvmctx.c"):> tools: Fix FPU save area definition in xen-hvmctx
> 
> Reported-by: Olaf Hering <olaf@aepfle.de>
> Signed-off-by: Tim Deegan <tim@xen.org>
Urgh.  This seems plausible.  (The repetition of the constant "16" is
unfortunate but we don''t have ARRAY_SIZE Here...)

I intend to apply Tim''s patch unless anyone objects.

Ian.

Tim Deegan

2012-Apr-12 08:02 UTC

head link

Re: [PATCH] tools/misc: fix array access in xen-hvmctx.c

At 16:01 +0100 on 02 Apr (1333382473), Ian Jackson
wrote:> Tim Deegan writes ("Re: [Xen-devel] [PATCH] tools/misc: fix array
access in xen-hvmctx.c"):
> > tools: Fix FPU save area definition in xen-hvmctx
> > 
> > Reported-by: Olaf Hering <olaf@aepfle.de>
> > Signed-off-by: Tim Deegan <tim@xen.org>
> 
> Urgh.  This seems plausible.  (The repetition of the constant
"16" is
> unfortunate but we don''t have ARRAY_SIZE Here...)
> 
> I intend to apply Tim''s patch unless anyone objects.
Ping?

Tim.

Tim Deegan

2012-Apr-18 11:53 UTC

head link

Re: [PATCH] tools/misc: fix array access in xen-hvmctx.c

At 09:02 +0100 on 12 Apr (1334221344), Tim Deegan wrote:> At 16:01 +0100 on 02 Apr (1333382473), Ian Jackson wrote:
> > Tim Deegan writes ("Re: [Xen-devel] [PATCH] tools/misc: fix array
access in xen-hvmctx.c"):
> > > tools: Fix FPU save area definition in xen-hvmctx
> > > 
> > > Reported-by: Olaf Hering <olaf@aepfle.de>
> > > Signed-off-by: Tim Deegan <tim@xen.org>
> > 
> > Urgh.  This seems plausible.  (The repetition of the constant
"16" is
> > unfortunate but we don''t have ARRAY_SIZE Here...)
> > 
> > I intend to apply Tim''s patch unless anyone objects.
> 
> Ping?
Looks like nobody objects. 

Tim.

Ian Jackson

2012-Apr-24 17:39 UTC

head link

Re: [PATCH] tools/misc: fix array access in xen-hvmctx.c

Tim Deegan writes ("Re: [Xen-devel] [PATCH] tools/misc: fix array access in
xen-hvmctx.c"):> tools: Fix FPU save area definition in xen-hvmctx
> 
> Reported-by: Olaf Hering <olaf@aepfle.de>
> Signed-off-by: Tim Deegan <tim@xen.org>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

Xen devel - Mar 2012 - [PATCH] tools/misc: fix array access in xen-hvmctx.c

[PATCH] tools/misc: fix array access in xen-hvmctx.c

Re: [PATCH] tools/misc: fix array access in xen-hvmctx.c

Re: [PATCH] tools/misc: fix array access in xen-hvmctx.c

Re: [PATCH] tools/misc: fix array access in xen-hvmctx.c

Re: [PATCH] tools/misc: fix array access in xen-hvmctx.c

Re: [PATCH] tools/misc: fix array access in xen-hvmctx.c