author | Igor Mammedov <imammedo@redhat.com> | 2013-06-03 18:23:27 +0200 |
---|---|---|
committer | Michael Roth <mdroth@linux.vnet.ibm.com> | 2013-06-17 18:01:42 -0500 |
commit | c683f1b93444a25e093225751c597dccc2082f8e (patch) | |
tree | 3b328988ae197dcde21260f7ac1659fed4c5c01a | |
parent | 75e4aa9405d7824bc5b26c0c10d5bab7fd697d2e (diff) | |
download | qemu-c683f1b93444a25e093225751c597dccc2082f8e.tar.gz |
target-i386: cpu: Fix potential buffer overrun in get_register_name_32()
Spotted by Coverity,
x86_reg_info_32[] is CPU_NB_REGS32 elements long, so accessing
x86_reg_info_32[CPU_NB_REGS32] will be one element off array.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: liguang <lig.fnst@cn.fujitsu.com>
Reviewed by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 31ccdde298d98b08526dc23059071c9086dec6c2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-rw-r--r-- | target-i386/cpu.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 1a501d9d33..ae8e68271b 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -221,7 +221,7 @@ X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = { const char *get_register_name_32(unsigned int reg) { - if (reg > CPU_NB_REGS32) { + if (reg >= CPU_NB_REGS32) { return NULL; } return x86_reg_info_32[reg].name; |
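Review bot: get_register_name_32() returns NULL for an out-of-range reg, but nothing at the function documents that contract. A one-line comment above it would help, stating that reg must be below CPU_NB_REGS32 and that NULL is returned otherwise. No callers are visible in this hunk, so whether they check for NULL before using the name cannot be confirmed from here. The new `reg >= CPU_NB_REGS32` comparison matches the declared size of x86_reg_info_32[CPU_NB_REGS32], so index CPU_NB_REGS32 is now rejected instead of being read one element past the end of the array.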