Message ID | alpine.DEB.2.10.1612081714360.22778@sstabellini-ThinkPad-X260 (mailing list archive) |
---|---|
State | New, archived |
Hi Stefano,

On 09/12/16 01:17, Stefano Stabellini wrote:
> mode == ARRAY_SIZE(mode_strings) causes an out of bound access to
> the mode_strings array.
>
> Coverity-ID: 1381859
>
> Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>

Reviewed-by: Julien Grall <julien.grall@arm.com>

On a side note, technically this will never happen because the value of mode is comprised between 0 and 0x1f. The last value of the array is currently 0x1fff (see Table D1-3 and Table D1-4 in ARM DDI 0487A.k).

So I would not bother to backport this patch.

Cheers,
diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index eb85d92..35d8e8b 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -643,7 +643,7 @@ static const char *mode_string(uint32_t cpsr) }; mode = cpsr & PSR_MODE_MASK; - if ( mode > ARRAY_SIZE(mode_strings) ) + if ( mode >= ARRAY_SIZE(mode_strings) ) return "Unknown"; return mode_strings[mode] ? : "Unknown"; }
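Review bot: the commit message does not say whether mode can actually equal ARRAY_SIZE(mode_strings) after `mode = cpsr & PSR_MODE_MASK;`, and that is what decides whether this is a reachable out-of-bounds read or a defensive fix, and whether it needs backporting. A sentence on reachability in the message would record that. The new check `if ( mode >= ARRAY_SIZE(mode_strings) )` is the correct bound for the `mode_strings[mode]` index that follows; if the mask is meant to keep the index inside the array, a build-time assertion relating ARRAY_SIZE(mode_strings) to PSR_MODE_MASK next to the check would make that invariant explicit.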
mode == ARRAY_SIZE(mode_strings) causes an out of bound access to
the mode_strings array.

Coverity-ID: 1381859

Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>