From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tim Deegan Subject: Re: [PATCH] tools/misc: fix array access in xen-hvmctx.c Date: Fri, 30 Mar 2012 15:06:40 +0100 Message-ID: <20120330140640.GA90203@ocelot.phlegethon.org> References: <769fb4057e369d7e102b.1333115107@probook.site> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: <769fb4057e369d7e102b.1333115107@probook.site> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Olaf Hering Cc: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org At 15:45 +0200 on 30 Mar (1333122307), Olaf Hering wrote: > tools/misc: fix array access in xen-hvmctx.c > > xen-hvmctx.c: In function ‘main’: > xen-hvmctx.c:126:39: error: array subscript is above array bounds > xen-hvmctx.c:126:25: error: array subscript is above array bounds > > Signed-off-by: Olaf Hering > > diff -r 14609be41f36 -r 769fb4057e36 tools/misc/xen-hvmctx.c > --- a/tools/misc/xen-hvmctx.c > +++ b/tools/misc/xen-hvmctx.c > @@ -121,7 +121,7 @@ static void dump_fpu(void *p) > i, r->mm[i].hi, r->mm[i].lo, > r->mm[i].pad[2], r->mm[i].pad[1], r->mm[i].pad[0]); > > - for ( i = 0 ; i < 16 ; i++ ) > + for ( i = 0 ; i < 15 ; i++ ) > printf(" xmm%2.2i 0x%16.16"PRIx64"%16.16"PRIx64"\n", > i, r->xmm[i].hi, r->xmm[i].lo); Oops. :) I think the bug is in the definition of the FPU struct, though: ============================= tools: Fix FPU save area definition in xen-hvmctx Reported-by: Olaf Hering Signed-off-by: Tim Deegan diff -r b7af9683e72f tools/misc/xen-hvmctx.c --- a/tools/misc/xen-hvmctx.c Thu Mar 29 17:37:30 2012 +0100 +++ b/tools/misc/xen-hvmctx.c Fri Mar 30 15:03:35 2012 +0100 
@@ -98,7 +98,7 @@ struct fpu_regs { uint32_t mxcsr; uint32_t mxcsr_mask; struct fpu_mm mm[8]; - struct fpu_xmm xmm[15]; + struct fpu_xmm xmm[16]; uint64_t res1[12]; } __attribute__((packed));
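Review bot: in the quoted dump_fpu hunk (@@ -121,7 +121,7 @@), lowering the bound to `i < 15` stops the out-of-bounds read but also means xmm15 is never printed, so the dump silently omits a register. The hard-coded literal is what let the loop and the array declaration drift apart in the first place; deriving the bound from the array, e.g. `i < sizeof(r->xmm) / sizeof(r->xmm[0])`, would keep the two in step whichever way the declaration is corrected.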
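Review bot: in the struct fpu_regs hunk (@@ -98,7 +98,7 @@), the commit message does not say why 16 is the right count or what the old value broke beyond the compiler error. Because the struct is `__attribute__((packed))`, `struct fpu_xmm xmm[15];` also left `res1` starting one `struct fpu_xmm` too early and the struct as a whole one entry short, so the effect was wider than the loop in dump_fpu overrunning. A sentence to that effect in the message, plus a build-time check of `sizeof(struct fpu_regs)` against the expected save-area size, would catch a wrong element count here at compile time.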