target-arm: Fix potential buffer overflow

Report from smatch: target-arm/helper.c:651 arm946_prbs_read(6) error: buffer overflow 'env->cp15.c6_region' 8 <= 8 target-arm/helper.c:661 arm946_prbs_write(6) error: buffer overflow 'env->cp15.c6_region' 8 <= 8 c7_region is an array with 8 elements, so the index must be less than 8. Signed-off-by: N Stefan Weil <sw@weilnetz.de> Reviewed-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Aurelien Jarno <aurelien@aurel32.net>

target-arm: Fix potential buffer overflow
Report from smatch: target-arm/helper.c:651 arm946_prbs_read(6) error: buffer overflow 'env->cp15.c6_region' 8 <= 8 target-arm/helper.c:661 arm946_prbs_write(6) error: buffer overflow 'env->cp15.c6_region' 8 <= 8 c7_region is an array with 8 elements, so the index must be less than 8. Signed-off-by: N Stefan Weil <sw@weilnetz.de> Reviewed-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Aurelien Jarno <aurelien@aurel32.net>
599d64f6 · Stefan Weil · Aurelien Jarno · 149eeb5f · 599d64f6
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

target-arm/helper.c target-arm/helper.c +2 -2

未找到文件。
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -645,7 +645,7 @@ static int pmsav5_insn_ap_read(CPUARMState *env, const ARMCPRegInfo *ri,
 static int arm946_prbs_read(CPUARMState *env, const ARMCPRegInfo *ri,
                            uint64_t *value)
 {
-    if (ri->crm > 8) {
+    if (ri->crm >= 8) {
        return EXCP_UDEF;
    }
    *value = env->cp15.c6_region[ri->crm];
@@ -655,7 +655,7 @@ static int arm946_prbs_read(CPUARMState *env, const ARMCPRegInfo *ri,
 static int arm946_prbs_write(CPUARMState *env, const ARMCPRegInfo *ri,
                             uint64_t value)
 {
-    if (ri->crm > 8) {
+    if (ri->crm >= 8) {
        return EXCP_UDEF;
    }
    env->cp15.c6_region[ri->crm] = value;